As we head towards GDPR day – May 25 – the number of scare stories about the new regulations seems to be spinning out of control.
The latest story claims half of businesses expect to be fined under the new rules. It is based on a survey which suggests businesses have put money aside in anticipation of a fine. In addition, we’ve heard of some sole traders who are so concerned about the regulations, they fear that they will need to close the shutters on their business.
The problem here is one of perception. Businesses may well be so worried that their way of dealing with the new regulations is to put money aside. But will they really be fined and does putting money under the mattress really help? The ICO has been clear on so many occasions – fines will be the last resort.
The regulations are there to protect personal data and there is nothing wrong with that. We know companies have abused our data in the past. That includes selling it to third parties and sending out spam emails. If you protect and manage your client’s personal data with respect, there is no reason you will be fined.
This is simply a matter of taking the right steps to set up a robust system to safeguard that data. These are three things you can do now to avoid sleepless nights:
- Find out what personal data you hold and why you have it. We really like this article that was written by the Information Commissioner for the Isle of Man back in 2016, which explains some simple steps that you can take to identify the data that you have.
- Understand the system you have in place (if any) to ensure that data is kept safe, e.g. who has access to it, whether it is ever shared and, if so, why. Readers of our blogs will know that we recommend the Cyber Essentials scheme as a great first step. This will show your clients you are serious about protecting their data. Many big companies now will only deal with SMEs who have certifications in place.
- Be sure you can prove you have done everything possible to safeguard that data. Whilst you may have the best systems and processes in place, they are useless if staff know nothing about them, or you hand over your data to a third party who isn’t going to look after your data asset as if it were their own!
Look for trusted advisers. The Information Commissioner’s Office, the Direct Marketing Association and the Federation of Small Businesses are all providing advice and guidance. Alternatively, if you don’t want to wade through lots of literature, look for a consultant who can help you through the maze. We’ve teamed up with some IT Managed Service organisations and specialist HR support to give our Clients a holistic, one-stop solution. We will walk you through the process and set up a robust system which will set your mind at rest. Use GDPR as an opportunity (yes, OPPORTUNITY!) to reconnect with staff, Clients and suppliers.
Sorting the fact from the fiction with so many frightening headlines is not easy. Rather than hiding under the covers or squirreling money away, take action now. We’re helping businesses from accountants to logistics firms to be GDPR ready. It’s neither as onerous, as time-consuming nor as expensive as you think; and no, GDPR will not make you fat.
Helen Barge is MD of Risk Evolves. Helen has worked in the IT industry since 1986. Helen is a leader in the areas of risk management and operational improvement, and works with companies in senior governance, risk and compliance roles. She is a member of the British Standards Institute and is a member of the BSI Committee creating a new guidance standard to assist organisations on how to become cyber resilient. Helen and the team at Risk Evolves work with organisations to improve their resilience through stronger process implementation and better communication and education of staff. Helen is also a mentor on Warwick Science Park’s Business Ready Programme where she advises tech-based businesses on subjects such as GDPR and risk management.