What is GDPR?
It stands for General Data Protection Regulation and is EU-wide legislation. It comes into force on the 25th May 2018.
Having recently attended a seminar and followed various threads on social media, there still seems to be a lot of confusion and uncertainty around the concept of GDPR. Providing you have stringent policies in place for the Data Protection Act (DPA), GDPR should not worry you unduly, as it builds on what you already have in place. Some of the questions I am seeing are around “How do I manage the data I already have?” Other comments include “I am only a sole trader, so it won’t affect me.”
To me, the former will depend on how you signed people up: did you pick up their business cards and add them manually, or did you get them to sign up to a newsletter using a double opt-in?
Perhaps more worrying is the comment “I am only a sole trader, so it won’t matter.” In response to this, would you leave your children unbelted in the car? No, I thought not, so why take a chance with this? There are plenty of resources out there, both paid and free, as well as people claiming to be experts. Personally, I don’t sign people up to newsletters, but many small businesses do. For me, consent jumps out. There is a much greater emphasis on how you gained consent, the need to record how you gained that consent, and the rights of the individual.
I have read plenty on the subject, but for me the ICO guide “Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now” jumps out as my go-to information.
This is what I have been using to prepare myself and the organisations I work with. However, clarity is still required for certain aspects, and I, for one, will be looking out for updated information.
My strategy for GDPR is: don’t panic, and look around for the answers you need. The ICO have recently set up a dedicated helpline for small businesses.