What it was
A CIPR Business Ethics Briefing, completed as part of my CIPR continuous professional development.
What I learned
GDPR can be seen as a gift – an opportunity for fresh thinking and a challenge to make sure we are being fair and open in our dealings with customers.
At heart, GDPR seeks to give control to individuals over how organisations use their personal data (and to harmonise such privacy laws across the EU).
Getting GDPR wrong could mean significant fines, negative publicity, loss of trust, reputation and brand damage, legal actions and regulatory enforcement.
Rather than embracing GDPR out of fear of the negative consequences, organisations can look to how it supports ethical business practice.
The need to separate Ethics from Compliance – “Ethics starts where the law ends”. Compliance is arguably too narrow a prism through which to see GDPR.
The briefing proposes practical steps for ensuring that organisations use data ethically – and so comply with GDPR along the way.
What I will aim to do differently as a result
Consider the wider ethical considerations of GDPR in our implementation plans
Communicate the importance of the ethical usage of personal data, and importance of leaders setting the tone
Consider how our organisation could go beyond compliance and address cultural issues on data handling