GAAP Digital, You and GDPR
"On 25 May 2018 most processing of personal data by organisations will have to comply with the General Data Protection Regulation (GDPR)"
As you will hopefully be aware, the EU General Data Protection Regulation (GDPR) comes into play as of May 25th, 2018 (yes that is pretty much exactly one month away). I hope that you managed to find some time to read the blog that I posted back in September 2017 which gave you 'ten tips' on how to get ready for this new legislation? If you haven't then you can read it now by clicking here > Ten Tips for preparing for GDPR.
Honestly. Read that post before you go any further : )
(Welcome back)
I realise that you are getting this email (and link) just one month before the legislation comes into play. However, a tightly-knit team of experts and I have been working for over a year now towards, firstly, making sure WE are GDPR ready and, secondly, being in the position where we can advise YOU on the steps you should take towards being GDPR ready.
In short ... good information handling makes good business sense. At the end of the day (regardless of how much you think this feels like 'another thankless task') you will definitely enhance your business's reputation, increase customer and employee confidence, and by making sure personal information is accurate, relevant and safe, save both time and money.
Since finding out about this legislation, and its future implementation, there have been many clients and suppliers of ours who have the perception of 'this is just another way to make money from us'. To a certain extent this is true and I am certain that many companies have made the most of it and profited from scaremongering over it. From Lawyers and Intellectual Property experts to Hosting and Digital Marketing organisations like ourselves, there are a plethora of different sets of advice and warnings for us all to try and take in and digest. However, we have worked really hard, on a digital marketing front, to try and come up with a set of recommendations that are:
1: sensible and not cost-prohibitive and
2: comply with as many of the guidelines that the ICO set out as possible.
(When I say 'as possible' it is because there are still some aspects of the legislation that still need to be ironed out and will be updated over the course of the coming year and beyond).
You may also have noticed that I am using the term 'GDPR READY' just now and NOT 'GDPR COMPLIANT' as I'm unconvinced anyone will be wholly 'compliant'.
Perhaps The ICO will be? : )
Recently, when talking to some worried clients about GDPR and its very difficult implementation, I have been using the following analogy (hat tip to Ewan).
It's that of a 10,000 carriage train with 200 people on each carriage. This very large train (at the moment) looks to have only 500 ticket inspectors.
However, this does NOT mean that we should stop paying our way and avoid paying for our ticket at the ticket office!
You, as a business owner or operator ... or even as someone who is aware of GDPR, have a responsibility to get your organisation ready. A lot of the guidelines, in my opinion, are heavy handed and possibly over the top.
However, recently, we heard a pretty reassuring quote from the ICO and it's the most realistic statement I have heard from them if the truth be known.
"We're not going to be looking at perfection, but we will be looking for commitment." - ICO Spokesperson
Do not think that this will just 'go away'. Do not put your head in the sand. There are some very real sanctions that can be handed out. (You can find out more about these fines on the links at the bottom of the post.)
Finally, the main piece of advice I can give you is not to worry about ALL of the fine detail. However, you DO have to decide on what details are best addressed for you and your company. If you haven't already started dealing with it, you definitely need to commit towards being GDPR READY now.
If you have a site that was developed by GAAP Digital then we will be in touch with you very soon to talk through your options and put forward a set of recommendations. It is YOUR responsibility though.
(If you don't have a site via ourselves but would like to discuss the possibility of one then please get in touch today.)
I honestly believe that our set of recommendations is sensible and adequate for you to start that commitment towards being GDPR ready.
Resources & Further Information
Overview of the GDPR - General Data Protection Regulation
General Data Protection Regulation (GDPR) FAQs for small organisations
Data Protection Act 1998
Privacy and Electronic Communications Regulations 2003
The Guide to the PECR 2003
Data Breach - Possible penalties