GDPR – do you feel like you’re tackling the 100 Day War?
14th February, 2018
Unless you’ve been hiding under a rock for the last few months, you’ve probably heard about the General Data Protection Regulations (GDPR).
And, indeed, you’ve probably been bombarded with emails and advice from all quarters telling you what you need to do. Frankly, we’re guessing you’re sick to death of hearing about it.
So, before we go any further, why the reference to the 100 Day War?
Because it is exactly 100 days to the GDPR deadline. And, supposedly, you have to have everything in place by then…
But do you?
Let’s dispel some of the myths around GDPR, and try to get you thinking differently…
It doesn’t apply because of Brexit
Sorry to burst that bubble, but the UK has already committed to implementing this legislation, even when we have left the EU. As yet, the full details of the UK requirements have not been published, but we will be bound by the EU regulations until Brexit has occurred.
25 May – D Day: you’re in deep trouble if you haven’t got everything sorted
Hmmm, that’s not strictly true. You do need to have things in place, but as long as you can demonstrate you are well on the way, and have a fair number of processes implemented, the likelihood is that you will be fine.
Fines of up to €20 million or 4% of global annual turnover are being quoted. Those fines are aimed at big corporations that have deliberately flouted the rules. The Information Commissioner’s Office (ICO), who will still have responsibility for overseeing this in the UK, are more likely to issue a warning or implement a sanction.
A more severe crackdown is more likely if data is breached, so ensuring your data is protected and secure is paramount.
It’s an IT issue
Nope – it’s absolutely not. This is a whole-company challenge, and it needs to be led from the top. The senior leadership team need to agree what their appetite for risk is, and what direction they want to take. Somebody within the company needs to take the lead on implementing GDPR. That person doesn’t have to be a senior leader, but they do need senior management support.
IT will be an enabler for evidencing compliance. As we’ve already said, data security is very important.
EU Citizens only
These regulations apply to all individuals while they are located in the EU. That means citizens of the US and all other countries around the world, whilst they are based inside the EU – so they could apply to tourists, contractors and expats.
It doesn’t apply to us, because we only work with non-EU companies
Actually, it still does. This is particularly true if you have employees, who have increased rights under this new legislation. So, don’t forget to involve your HR department as part of the process.
These regulations apply to businesses who only trade with other businesses, as well as those trading directly with consumers. However, the sensitivity of data held on consumers is likely to require more control, security and protection. It will also be easier for individuals to demonstrate the impact of data being held unlawfully, or data breaches, than for a business. But that doesn’t mean you shouldn’t take the same level of precaution for all data security.
Marketing has to stop
This does not mean the end of marketing, far from it. But there are decisions for you to make regarding your existing database. Partly, this is around the type of business you have, who your customers are, and your appetite for risk.
You may have heard a lot about consent and double opt-in as the only way to comply, but there are other options.
Data Protection registration is no longer necessary
The ICO have confirmed that all companies that process data, and, frankly, that is most companies, will still need to register as data processors. The fees for registration are yet to be announced in the UK, so watch this space. In the meantime, make sure your registration is kept up to date.
This is just a snapshot of some of the GDPR myths and legends that seem to be doing the rounds. There are plenty more!
Please remember we are not lawyers, so you should seek legal advice about your particular situation, to ensure you are compliant.
Can you be 100% GDPR compliant?
No. But you can be GDPR ready, and we can help you, with our comprehensive GDPR audit and support package. We can identify the risks within your business, and then help you to fix them.
If you would like to learn more about how we can help you with GDPR, please contact us on 01784 486 720.