From “I’m sorry to see you go”, to “Urgent: Take action NOW!”, inboxes around the world are awash with panicked attempts to comply with GDPR and hold onto as many customer contact details as possible.
Some companies, such as JD Wetherspoon, opted to save themselves the trouble and deleted their entire database. They made more headlines shortly after when they closed every single social media account they owned. But for most companies, deleting an entire – very valuable – database of customers and clients isn’t an option.
For many, the looming deadline of 25 May 2018 – when GDPR comes into force – has caused panic, stress, sleepless nights, and in many cases, extra costs. Here are a few of the most common challenges we’ve seen and experienced when businesses have come to us for help understanding GDPR and, crucially, how to prepare for it.
Is Your Business Ready For GDPR?
From a business perspective, making changes to ensure GDPR compliance has not been an easy experience, regardless of size.
Many businesses have struggled, for a number of reasons.
One reason is the vast amount of information, misinformation and blatant scaremongering that has been going on. Too many businesses – including law, cyber security companies and freelancers/consultants – have seen GDPR as a way of making some quick, easy revenue. But to ensure they cash in on this data compliance gold rush, some have resorted to scare tactics.
Company directors have heard about massive fines (up to 4% of turnover) and the potential damage to a company’s reputation, and panicked. Some have needlessly spent ££££s on “consultants” when they could have turned to the Information Commissioner’s Office (ICO) for free guidance, taking a much more cost-effective and level-headed approach.
Apart from the scaremongering, there have been numerous genuine concerns and challenges that we – on behalf of our clients – have tried to solve and understand. These include the following:
- What data do we have?
- How do we process and store it?
- Do we share this with any third-party systems or suppliers (e.g. web hosting companies or email services, such as MailChimp)?
- Do we have consent to hold onto the data we have?
- And if not, how do we get consent?
- Do we have policies, procedures and tools in place to ensure employees are safely and securely handling personal data, and if not, what should we do?
- How do we ensure transparency and maintain an electronic paper trail, to keep team members accountable and directors safe from misuse or employee theft?
When it comes to understanding data management, there is no one-size-fits-all approach that works. Every company needs to take a different journey, which is why buying “GDPR packages” is often not the right approach.
GDPR Best Practices
At Pro Drive IT we have offered our clients a range of solutions suitable for a wide variety of scenarios, including:
- Breaking down the jargon. Sharing best practices and useful tips.
- Hosting workshops. Helping businesses understand what needs to happen, how they can make changes, and making GDPR something they can tackle internally (with extra support as needed) instead of a scary risk they have to face.
- For those who’ve needed more help, we have worked with them in a collaborative and proactive setting, giving them the knowledge and tools to implement GDPR compliance without losing valuable databases or upsetting relationships with customers.
GDPR will be in force soon, taking over from the Data Protection Act. In the years to come we may look back to May 25th 2018 with the same fondness as preparations for the Millennium Bug. In practice, this legislative change means organisations will take more care processing personal data, to ensure we work and share data with a security-conscious, transparent and collaborative mindset going forward. That’s good for all of us as individuals.