Correcting Privacy by Design errors with your software supplier

Data protection expert Lisa Wilson exposes the way in which some software companies are profiting from updating non-GDPR compliant systems.

During the past year of madness that has been the data protection revolution, I’ve discovered a very lucrative spin off for software companies. Now software developing is in our family blood, with both my husband and son working in this industry, so I’m well placed to know a little more about it than most. But before I put these software companies on the naughty step, let me take you back to 1361 and the introduction of the very first privacy law in the UK, The Justices of Peace Act. This allowed for the arrest of peeping toms and eavesdroppers. Today these would be you or I on a train reading the persons email on their laptop in the seat in front of us. Oh how things have changed!

As you can see from the evolution of the spoken word, moving forward to the written word and now the e-word, allowing someone to see the information we hold has been a concern to us for many hundreds of years and laws have been put in place to protect this. The introduction of the 1989 Data Protection Act was just a natural progression of these. However, it did give us many additional rights, one being, to have our data deleted if we so requested. After all these years of protecting our data and the introduction the 1988 DPA, how were software companies able to sell non-compliant systems that did not allow for this feature? Whilst I also take the point that companies that bought these systems did not undertake the due diligence required, the cost of putting this fatal error right can be extortionate!   

Now anyone who knows me will tell you that I am made of strong stuff, but even I had to sit down when one company, very well known too I might add, gave a quote of £20,000 to write the code to correct this and allow the company to delete its data. Around this time I was think of phoning my husband and son to inform them we were most obviously missing a gap in the marketplace and to get the Sunseeker 95 on order!  

The point to make is:-

•    Never underestimate the importance of Privacy by Design and DPIA’s.
•    Did these companies have a contractual obligation to be compliant with the DPA 1989?
•    If so, should the customer have to pay to put this right?
•    If you are unable to delete data in line with your retention policy, you are in breach of the GDPR.

And now the interesting question is:-

Do you pay to bring these legacy systems into compliance or accept the risk? What will you do?

Topics: Insurance Sector

December 3, 2018
Talk to an expert

Daniel Waltham
Written by Daniel Waltham

Responsible for leading client relationships and new business sales. Dan takes a lead role in customer engagement, identifying, creating and designing solutions to help our customers with risk and regulatory challenges. 13 years of experience working with financial services businesses across risk, compliance, data protection and regulatory change.

More interesting insights

CONTACT US

0203 800 1099

enquiries@thefourthline.co.uk

FourthLine Ltd
4th Floor, Arkwright House
Parsonage Gardens
Manchester
M3 2LF

Company Number: 6952875

VAT Number: 981375491

CONNECT WITH US

fl-connect-icon
Stay up to date with industry news, specialist sector themed events and webinars.

fl-linkedin-icon  fl-twitter-icon  fl-facebook-icon

 

Copyright © 2019, Fourthline. All Rights Reserved.