The GDPR deadline has come and gone. Some businesses are sitting smug in the knowledge they are all sorted. Others might be hoping they can slip under the radar. Whatever position you find your business in you will be reading this because you know the GDPR story has only just begun.
What does GDPR mean for your business?
Basically it means a different approach to business. Firstly, the Internet and digital marketing in general transformed how we went about selling and buying. Secondly, people seemed to forget the rules that had existed pre Internet and anyway, the legals haven’t really caught up with technology. Thirdly, we were all very quick to give away our data for a few baubles and ribbons. No one really thought about the consequences of giving our data to all and sundry. Finally, big companies started to experience data breaches. It’s only then we realised that companies who sold our data on or didn’t take good care of it, could lead to identity theft and other undesirable consequences.
Our data security was treated with contempt
Our data is worth a lot of money. We finally understand just how valuable we are to companies like Facebook for example. We can’t blame them for selling on our data to fund the services we all demand. Let’s face it nothing is every free. Now that this sociological picture is so comprehensive and people can predict what we are going to like, think, do and even how we might vote, we now know data really means something. It is a hot topic and can actually cause the demise of businesses when it’s handled badly. See what happened to Cambridge Analytica back in April 2018.
GDPR is the right response
So, the hype of 25th May 2018 has settled down; what next? Some businesses think they are through the finish line and there’s nothing more to do.That is NOT the case. Here is a list of things your business needs to tackle to remain compliant.
Ongoing GDPR business compliance checklist
How is your company doing?
- Ensure all customer data is properly maintained.
- Records need to be kept on all personal data – where it came from and who it is shared with.
- Ensure new employees are aware of your GDPR policies and procedures (Including staff awareness training)
- Dealing with SARs (Subject Access Requests)
- Ensure due diligence is carried out on new suppliers (3rd Parties) that will process your Personal Data.
- Address privacy and security risks + ensuring your processes are fit for purpose
- Data Breach and Incident management
- Risk Register review
- Data Protection Impact Assessments and Project involvements
- Continuous Security Testing (Scanning etc) + Ensuring all software is kept up to date, hardware is maintained, personal access
- Frequent review of all policies
- Erasure of Personal data as per Retention Policy
- Monitor GDPR regulation changes
Meet the GDPR Tracker
This might come as a shock to some people. Therefore to get under the skin of this topic I interviewed Hitesh Mistry, a business owner and software developer and the brains behind GDPR Tracker
I asked him why he had developed this software. “I knew that GDPR was going to cause much confusion amongst business owners. The larger companies were probably going to employ a Data Protection Officer (DPO) and handle things in a systematic way. However, I was worried about smaller companies and entrepreneurs that think GDPR doesn’t really impact on them. I wanted to deliver a SAAS product that would remove the headaches from a) becoming compliant by 25th May 2018 and b) ensuring all data activities going forward remained compliant.”
What are the benefits of using a service such as GDPR Tracker?
” I know that business people just want to get on with running their businesses, but I believe GDPR actually makes us look again about how we do business. For example if you can brand yourself as being 100% GDPR compliant that is actually a differentiator. If you can ensure your business network is 100% GDPR compliant then it means that you protect one another. It also proves that you value your customers and are prepared to take on your legal requirement and more so that you look after customer data. Really it’s a different way of working. We shouldn’t see it as a chore because there are long term benefits for everyone.”
What does the future hold?
I know many people will not be thinking about the future but the ICO are not interested about the size of a company all they want to know is whether you comply to the legislation. You either do or you don’t; it’s that simple. Therefore our advice is to act now rather than later. It’s a great time to review your datasets and see whether they really are as valuable as you thought.
If you are still wondering how to tackle the GDPR legislation we can help you
It’s no point burying your head in the sand. With a small investment you can ensure you keep up with all changes and manage your GDPR responsibilities without going crazy. We’re here to make the process much simpler for everyone. We understand that the process is ongoing and it’s one that should not take up too much of our precious business time so Contact us today and let’s get this GDPR code tackled today and forever.