Legal Thought Leadership

Data Privacy, an ethical approach

April 9, 2019

It was a pretty frantic run-up to 25 May 2018, the day when the GDPR went ‘live’.

Now, almost a year on, Information governance managers are probably feeling pretty happy that their key project milestones were reached and that their business can now say, hand on heart, that it has in place a reasonably robust set of privacy procedures and policies.

Assuming you do now have in place a well-written privacy policy; that you have an enterprise- level understanding of what personal data you process and why; you’ve embedded a clear approach to carrying your data protection impact assessments; you’ve appointed a DPO perhaps and updated your privacy notices, you might be forgiven for thinking that it’s “job done”!

But is it?

All these measures are essential concerns for you and your Board of course; having a compliance regime in place means reduced risk for the organisation; happier insurers and regulators. They are necessary steps, but are they sufficient?

We take informal soundings from information governance teams across the country and in a variety of sectors. What we find is that those information governance managers who are at the cutting edge of data privacy have historically wanted to do more. They saw long ago that ‘respect for data privacy’ is not just an abstract concept of interest only to the Information Commissioner and a few academics. They have long known that it is at the core of the modern economy and that the winners will be those organisations that harness a new approach, even a new culture, around respect for data privacy.

The GDPR (supplemented now by the Data Protection Act 2018) is intended to steer companies and other organisations that use personal data into a new frame of mind. The new law came about as a result of Governments across Europe (including the UK) sharing the recognition that for two reasons, improving data privacy was essential.

Those reasons are:

  1. The need for modern democracies to guarantee the protection of personal privacy as a  fundamental human right and
  2. The realisation that any economy based on modern communications technologies (so that means every developed economy), will only be successful if citizens (and consumers) can trust those organisations with their data.

Building that trust with consumers can only be done if data controllers genuinely embrace the new approach and demonstrate openly that their organisation has an ethical approach.

‘Ethics’ are not the normal fare of Boardroom discussions, but by putting data ethics on the agenda (as a standard item) an organisation can quickly develop the sort of culture, strategy and operations needed to demonstrate their trustworthiness. Our discussions with clients have identified some interesting ideas, values and insights that might otherwise have been overlooked. Does your organisation have a clear proposition on data ethics? It can be a powerful differentiator.


Tim Heywood, Partner

07826 929 364

Sign up to theReading Room

We’ll send you infrequent emails that keep you up to date with gunnercooke and industry news.

Recent awards