I’m sure you’ve heard about it, but do you know what it is? Everyone is talking about it, but no one seems to be taking action! I’m talking about the dreaded GDPR.
The General Data Protection Regulation is its full name, and most people I know (SMEs, I mean) know it’s got something to do with the data we tend to keep on our customers, and most know it’s got something to do with more rigorous control of that data.
Bored yet? I think that’s half the problem here. It’s not the most edifying of topics, is it? But unfortunately it’s going to become as pressing as any of the other laws and regulations we have to stick to as businesses. There’s not going to be a way round it.
I wonder if you have pondered the broader implications yet? For instance: How our data is stored is really important. Whether it is safe and secure or not, and resistant to malicious attack. How you transport it, and what constitutes transport. Whether the data you have is fit for its intended use, or indeed whether you are able to do with it what you want to do, now or in the future.
What happens if you have a data breach? What happens if one of the thousands of automated attacks on websites and other systems gets through to your systems and cleans you out, or locks you out, or even worse, steals your customers’ data?
The main difference in all this from May 2018 is not so much the legislation itself; it’s more the way we now have to comply and demonstrate compliance, and what will become the powers of the Information Commissioner’s Office to enforce that compliance.
Which is fair enough! But from May, they will be funded by the fines they themselves impose on non-compliant companies.
If you look on their site you will see details of the enforcement action that they have taken to date, including fining a Liverpool-based company £70,000 for making nuisance calls. Now, nuisance calls are easy to make if you are trying to sell something and your data isn’t set up or processed properly, even if you have no intention of bothering people at all!
And I don’t know about you, but a fine of £70K would finish my business right now. And from May, the fines are bigger and the regulations more stringent, and the ICO’s powers greater.
So what do we do?
It’s simple really – get expert help.
Data protection and the correct management of data is really just another process we need to follow. It’s going to feel onerous at the start, especially if our data policy is not fit for purpose, but we’ll soon get used to it.
There are a load of people offering GDPR support right now, from legal firms to software solution providers. Find one that fits and take advice.
Generally your GDPR journey will start with a GDPR gap analysis of some sort. That is, what do you need to do in order to comply? It’s a very powerful exercise as most of us ‘don’t know what it is we don’t know’ in this area, and will be surprised at what now comes under the constraints of ‘data protection’ and the legislation.
Get someone you trust to have that meeting with you, and you’ll be set. You’ll at least know what it is you need to do and what processes need to be in place, and they can help you put a plan together to deal with the requirements, whether you are a big company or a small one.
And do it now, before it’s too late! May 2018 will be here before we know it.
**Novo Consultancy can arrange a 2-hour director-level briefing for your company for only £750+VAT to make sure everyone at the senior level who needs to know, knows exactly what’s involved. Just drop me an email on [email protected] and I’ll be more than happy to speak to you and set something up.**