The General Data Protection Regulation, That’s What!
The EU has ‘kindly’ put together binding legislation to protect everyone’s personal data that comes into force on May 25th 2018. To be fair, the lack of consistency, not just across the digital landscape but across most business industries in general, has been the primary driver for this regulation. Data needs to flow, but data needs to be secure, and businesses need to protect both their own and their customers’ data.
Is it important to you? Unless you are still using a Nokia 3210 (kudos, as they are actually rather sought after at the moment) and playing Snake for kicks, it’s hard to ignore the news about cyber security and the attacks that follow from a lack of it. Did someone say NHS? Don’t ‘Talk Talk’ to us about Petya or WannaCry!
Does Brexit count? It depends which side of the fence you are on, so for the purposes of this discussion we will sit firmly on the picket and simply state that, as we are still subject to EU law until our own Data Protection Bill (DPB) comes into force, every firm must ensure it is compliant. The DPB will have GDPR fully incorporated into it anyway, so there’s no point waiting as there’s no escape. Plus, you shouldn’t want to shy away from it, as it’s beneficial to all, and let’s not forget that failure to comply could result in fines of 4% of turnover or up to €20m, whichever is greater. If you get fined, you had better hope the exchange rate is favouring the pound!
Whether you are in the public sector, private sector or not-for-profit, you need to be prepared for GDPR. Ask yourself some fundamental questions: Do you know enough about it? Do you feel prepared? Do you have any procedures in place, and who is in charge of them? Could you handle a flood of information requests? What would happen if you had a data breach? Have your employees had any training about data security? Is your Privacy Policy up to date? If the answer to any of these is ‘no’ then you need to take immediate action, and it isn’t only a matter for the board of directors; it applies to employees as well.
What about your newsletter contact lists or existing customer lists? If we had a pound for every email we are getting asking us to confirm we don’t want to fall off an email list, we would have enough to buy an enormous shoal of ‘one pound fish’. Take action, be creative, don’t fall foul of doing nothing, but think about why you are doing it and what benefit it is for you to remain in contact with your customers (see our post on customer value).
Don’t forget your Google Analytics! Update your ‘user and event data retention’ settings, and once you’ve accepted the ‘Data Processing Amendment’ you’ll need to ensure you have entered your company legal entity details and also nominated a contact for ‘primary contact’, ‘Data Protection Officer’ and ‘EEA Representative’. No doubt these GDPR credentials will start appearing on LinkedIn profiles, but I guess it’s a more official string to your bow than the ‘fire monitor’ label you’ve been burdened with for the last ten years!
‘Don’t panic, Captain Mainwaring’, you’ve still got a chance to prepare ahead of 25th May, and if you need pointers on how you are doing then get in touch, especially if your website doesn’t have an SSL certificate…