In case you missed it, May 25 has come and gone, bringing with it the EU General Data Protection Regulation (GDPR). Over the past week, corporate mass panic has caused a spam “storm” of updated privacy notices and ‘do you want to talk to us’ emails. Ironically, the public is receiving notifications from organizations they never signed up with in the first place, or don’t remember giving their information to.
The flood of communications should wane this week, but it’s not over people. This is only the beginning for GDPR.
Just Like Christmas Without the Gifts
While we’ve collectively talked about GDPR for a long time, it’s also come relatively, rather like that feeling when you realize Christmas is only FOUR weeks away and you haven’t started any shopping yet! If GDPR was like going to a movie, we’ve only just finished watching the trailers. Quick, the opening credits are about to start, it’s here and in-force!
What if you’re still not ready for these changes? Well, according to the Information Commissioner’s Office (ICO), don’t panic! Louise Byers, head of risk and governance at the ICO, stressed while speaking at the IRMS Annual Conference 2018 that “Friday is a beginning and not the end. The GDPR is not Y2K” for those that will not be compliant. Take a grown-up approach and make attempts at taking your corporate data seriously.
Why is this significant? Well, it shows that the ICO is on your side. They are not evil as some of the scaremongering would suggest, or desperate to get hold of 2-4% of your corporate revenue. They understand that businesses and organizations need time to adjust to the new regulations and how these fit into their daily practices, particularly since the concepts of GDPR go against the general trend that data is ephemeral and ‘another storage device will do.’ It is not only a business change; but, importantly a mindset change.
Building Public Trust and Confidence
This is all part of the ICO strategic plan to increase the public's trust and confidence in how organizations store their personal data and make it available. Their benchmark research conducted in August 2017 showed that only 20%—or one in five—of the UK public have trust and confidence in companies and organizations storing their personal information. This should be a genuine concern for businesses. If you care about your customers, you should care about their data and take steps to protect and manage this effectively. This means putting processes and systems in place to manage this data.
We pride ourselves on helping companies protect their information and customers, and we have a long pedigree in the information governance and data governance space, long before GDPR was even a ‘thing.’ We’ve helped hundreds of customers try and locate that ‘data needle’ in a very messy haystack, exactly what you’ll need to achieve with subject access requests from your customers. We’d prefer to focus on saving you time and money, not only in terms of avoiding fines but also on internal manpower and efficiency.
The GDPR is here to stay and the world is quickly catching up—expect to see more data privacy laws follow suit in other parts of the world. Let’s together ensure that your business doesn’t end up as plot material for the sequel!