The topic is as broad as it is long. It affects anyone in business who acquires, processes and stores client data. Yet many businesses on both sides of the Channel are not yet prepared for it. It is a topic that none of us can ignore and we will all be required to review our processes and be ready for May 2018.
Over recent years we have all seen the damaging effects that leaked data has. Take a look at the list of big data breaches on Wikipedia. Technology has become sophisticated, and so has the ability to hack, along with companies' sloppy attitude to data protection. The new rules will seek to impose huge fines on companies that fail to comply with them.
Let us not forget that Data Protection Acts and laws exist in all countries; it just might be that your business has not taken data protection seriously. The new incoming regulation requires all businesses to take stock and take responsibility.
You will be required to review your data processes. How do you acquire data? What do you do with it? How will you use it? Is it safe and have you got permission? The crux of it is: only collect data that you need, keep it safe, let customers know what you are using their data for, and give them the ability to have it removed when they ask.
As businesses we are all connected to tools and technology, and we will have to give consideration to: websites – site security, online payments, e-commerce, marketing, use of 3rd party email newsletter providers, mobile. Who are your suppliers? How compliant are they? If they are not and there was a breach – how does that impact you and your customers? What customer data do you keep at home? How is it protected?
Some of you are both a business owner and a customer. We are all someone’s customer: banks, mobiles, fidelity cards, utilities. Many of us deal with companies not just in the European zone but also in countries outside of the EU, all of which will have to comply at some level with GDPR requirements. With this new regulation come new, improved rights for each of us. As a customer you have a right to portability, rectification, erasure and removal.
You might be thinking this is all too much, and how on earth do I go about getting my business ready for GDPR?
- In France visit cnil.fr for their notes, regulations and process guidance
- In the UK visit ico.org.uk for their notes, regulations and process guidance
- Speak to your website builder/developer/host
- Speak to suppliers and other 3rd party providers
- Speak to the Chambre de Commerce, Chambre de Métiers – do they have information/courses available?
- Speak to other business owners – what are they doing? How are they doing it? Get the dialogue going
- Download GDPR Fix it Fast by Patrick O'Kane via Amazon Kindle – a quick and easy read, with some extremely useful notes as to why and useful templates to follow