Ron explains why doing nothing could make Lizzie guilty
With a new European law about data protection due to come into force in May, many companies are ill-prepared for its consequences. Lizzie’s one-woman blog Lizzie Banks On It is one of them, and Grandad Ron explains…
“So, will you be a criminal after May 25th, or are you ready for the new law?” Grandad Ron wanted to know.
Lizzie, on her hands and knees on the carpet, where she was changing baby Jack’s nappy amongst a flurry of giggling and flailing infant limbs, at first didn’t realise what he’d said. Pulling her son’s trousers up for him, she suddenly focused on what she’d been asked. Shocked, she asked: “What do you mean, a criminal? What have I done?”
“Well, here’s the thing,” said Ron, playing her like a fish. “If you’ve done nothing, then there’s every chance you’ll be guilty, but if you’ve done something, then you won’t be…” He disappeared behind his newspaper again.
Lizzie crooked her finger over the top of the paper, and pulled it down gently, so she could look him in the eye. “And what’s that riddle supposed to mean, Captain Enigmatic?”
“European law,” he said, with a magician’s flourish as he tossed the newspaper aside. “General Data Protection Regulations. Your responsibility, if you hold personal data about people – and you must have some of that, given how hard you work on that blog of yours, Lizzie Banks On It.”
“But we voted to leave the EU,” she protested. “That’s what all this Brexit stuff’s about.”
“Agreed. But we haven’t left yet, and until we do, we still have to work to European rules. And we might well have to afterwards, come to that. Nobody really knows. But this new law comes into force on May 25th, which is only a matter of weeks away, so you’re going to have to do something about it. I’m guessing you haven’t, judging by the expression on your face?”
As usual, her father-in-law was right. She wasn’t even sure what the Regulations were about, much less the responsibilities they put on her. She said so. “What does it all mean?”
“Well, I’m no expert, for a start – but it’s about the way companies hold personal data. The rules give people more rights, and the law will stretch over national boundaries. And here’s the tough part: the fines for not complying are huge. The fine structure is enough to put companies out of business, I’d say, because it allows for fines of up to €20m.”
Lizzie was aghast. “I had no idea,” she said. “What am I going to do?”
“For a start, don’t panic. I don’t pretend to know all the rules, but the people who should do, because it’s their job, are the people who created the web site and look after the web access and the like. IT specialists, that’s what you need, because they’ll be able to give you the sort of advice that suits your little company, and how you need to apply the law. And they’ll know how to make your computer security more robust, which is what’s behind all this. It’s designed to keep personal data out of the hands of people who want to use it for all the wrong reasons. Criminals. Fraudsters. Low-lifes. And there’s no time like the present to talk to an expert about it. That’s what I said earlier. You won’t be guilty if you’ve done something…”
“As if I haven’t enough to do already,” she said, running her fingers through her hair.
“I think you’ll find that being busy won’t wash as a defence if you do have a data breach,” said Ron, raising his eyebrows. “It might be that all you have to do is call your IT people, and they’ll set you up with the right kind of security, for a start, and then you can sort through the data you have, and get rid of what you don’t need. The less you hold, the less at risk you’ll be. I think Jack should come to play with his Grandad whilst you go and make that phone call, don’t you?”