ARE YOU READY FOR GDPR?
With GDPR just around the corner, is your company prepared? We have been preparing our members over the past few months on what to expect on 25 May and how best to prepare your business. See below for what you should and shouldn't say during a conversation about GDPR.
| DON'T SAY | DO SAY |
|---|---|
| GDPR? What is that? | I know about the General Data Protection Regulation and how it will affect me. |
| No worries, the EU regulation will need to be transposed into national law. | As the GDPR is a regulation and not a directive, it is immediately applicable in all EU member states, and yes, that includes the UK, even after Brexit. |
| I hear that various EU countries are currently debating their own new data protection laws. | National laws may supplement GDPR where permitted; however, GDPR remains the core law. |
| I'm sure I can wait a little while; there must be a grace period. | The regulation came into force in 2016, and organisations have already had two years to prepare themselves. |
| It doesn't apply to me, I'm not a big company. | It applies to all organisations, even public authorities! |
| This is an EU regulation; due to Brexit we are not now going to be part of the EU. | Even with Brexit, GDPR will apply to the UK. |
| I do not hold "personal" data. | I hold and use personal information about my employees, clients, suppliers, service providers, users etc. All companies will hold something resembling personal data. |
| I hold no personal data, I only hold business data. | Even the contact details of corporate clients are covered by the regulation as personal data. |
| I am not doing anything bad or interesting with this data. | The regulation requires me to implement a set of compliance measures and tools, regardless of how I use the data. |
| I will not be ready for 25 May, so there is no use even trying. | It is never too late to start. As long as I am seen to have started my GDPR journey, it will stand me in a better light with the ICO. |
| I missed the deadline and nothing happened, so there is no hurry; I will deal with this when I have time. | Some compliance is better than no compliance. Showing that you have started work on the project is better than showing nothing. You never know when a data complaint could come in and result in a serious fine. |
| I am just going to use standard material borrowed from other companies or found online; that will be enough. | I know that complying with GDPR is not a checkbox exercise. It will require me to analyse our own data and to think strategically about my organisation's specific situation. |
| I will recruit someone new to carry out this task. | I will need someone who is reliable and knows the company, but who also has the appropriate skills. Let's avoid false economies. |
| I will delegate... my responsibility. | I will be accountable and can only delegate the work, not the responsibility. I need to be involved. |
| I will appoint a DPO (Data Protection Officer) who will be under my full control. I can even use this opportunity to shift my responsibility over to the DPO. | I will verify whether I need to appoint a DPO. If needed, I understand that this person must be independent. The role is to inform and advise us, to monitor compliance and to act as a contact person. The responsibility for compliance remains with the organisation. I can also contact the ICO for more information. |
| I do not want to spend money with no return on investment! | It does not pay to be penny wise and pound foolish! I will use this opportunity to improve our business processes and to use my databases more efficiently (it is a great opportunity for a data cleanse: what data do we hold, and what do we not need?). |
| Seriously, what is the risk of non-compliance? Very limited, surely! | I would rather avoid the consequences of non-compliance. Sanctions by EU data protection authorities may prevent me from using my database for my core activities, or even materially impair me financially (sanctions can go as high as 20 million or 4% of global turnover). In most cases it will also cause reputational damage, and it can incur criminal liability. |
For more information, contact my colleague Luke at luke.palmer@ga-uk.org or speak to the Information Commissioner's Office (ICO), who are best placed to guide you.