On Thursday 6th April, Manchester Digital held a roundtable discussion to understand how the Investigatory Powers Bill (IP Bill) and the General Data Protection Regulation (GDPR) will impact Manchester Digital’s member businesses in the future.
Whilst the IP Bill has the potential to impact ISPs, hosting companies and telecoms companies in particular, it is unlikely to have a great impact on the majority of Manchester Digital members. However, it was noted that many companies still have very little understanding of the IP Bill and what it might mean, not only for their own businesses but also for their clients. Questions that arose from this part of the discussion centred around who exactly (client or customer) is responsible for storing and protecting data. Businesses are keen to understand how to protect themselves and to learn the differences between the IP Bill and GDPR.
Katie Gallagher of Manchester Digital asked the participants if they believed the Bill was going to solve anything or if it would just drive activity ‘underground’. Will these laws cause tech companies to leave the UK?
David Edmundson-Bird from Manchester Metropolitan University predicted the rise of the ‘digital haven’, much like a tax haven, which has low taxes and lax laws and legislation.
Daniel Foster of 34SP.com followed this up by pointing out that people are already doing this; Sealand have a data centre in the middle of the English Channel and this type of behaviour might become more commonplace as more restrictions are put into place.
From discussions around the table, it appears that GDPR will have the greater impact on Manchester Digital members on the whole but there is still a lack of understanding about what exactly this legislation means for businesses or clients. It was interesting to note that even if an organisation doesn’t store the data, but writes the code that leads to a breach, that organisation can still be liable. So it’s important to know the facts and to be protected.
Hilary Stephenson from Sigma asked whether or not GDPR would cause companies to do more to prevent bulk harvesting, such as asking for less data in sign-up processes. She commented that this ‘oversharing’ is a particular issue if the user has low digital confidence and they are not sure what they should or shouldn’t be sharing. She believes that in designing better ways of onboarding customers, we can improve UX processes across the board.
David Edmundson-Bird followed this up by predicting that as we see more restrictions being implemented, we might see a rise in pseudo-anonymisation or ‘pseudonymisation’ and the creation of false internet personalities to better protect ourselves against surveillance. However, he did warn that without data sharing, we couldn’t have a targeted advertising culture and this could certainly call into question any marketing that takes place in the online world.
David Cook from PwC noted that across the industry, there is still a lot of non-compliance with data protection, let alone GDPR, and that businesses need to do more to understand their obligations or risk hefty fines.
It is extremely important for businesses to now consider privacy by design, instead of as a bolt-on or afterthought to projects. Some of the benefits of this include addressing potential problems at an early stage, when the solution will often be simpler and less costly, as well as an increased awareness of privacy and data protection across an organisation.
Manchester Digital wants to help and we are looking at developing a risk model but we need your help. If you work for an organisation that stores or protects data and you have an interest in helping Manchester Digital to develop a risk model that can be rolled out across the industry, please get in touch.
Attendees at the lunch time discussion included:
The discussion was kindly hosted by PwC.