September 15, 2019 in Data Protection

GDPR – The Myths and the Mess

GDPR and The Individual

When the General Data Protection Regulation (GDPR) came into force in May 2018 there was much fuss and panic. The powers that be gave little practical advice. Packs of documents were advertised that were far more than a small business would need. IT people suddenly became experts in legal documents. Then, of course, there is the old faithful of documents being found on the internet.

The Result

Businesses say they have ‘done’ GDPR when it is generally a total mess. So where did it all go wrong?

  1. GDPR is a new law. Being new, there was little practical advice to go with it. As with any new law, it needed explanation from people who understood law.
  2. Few businesses needed lots of documents, and if they did, they certainly needed someone with the expertise to use them.
  3. GDPR is based on certain principles and to comply you need to understand these as they apply to your business.
  4. GDPR documents also need to apply to your specific business and what you do. They need adapting as needed. It is not a question of putting words into the gaps in pre-prepared, so-called documents.
  5. GDPR is not just about documents. Proper compliance needs adjustments to your work practices and procedures. Staff need training. Employment contracts and staff handbooks will probably need amending.

So what is there to do apart from documents?

  1. Look at how your business works and ensure you are complying with the principles of GDPR. Understand what legal basis to process data applies to what you do; many do not.
  2. Adapt and amend your working procedures to ensure compliance.
  3. Train your staff in the new procedures.
  4. Upgrade your security, especially online. Cyber-crime is rapidly increasing, and so are your chances of a data breach, with all the problems that brings (including the GDPR ones).
  5. Register with the ICO if your business fits the criteria for registration.
  6. Make sure you and your staff know what to do if there is a breach or any GDPR issue.
  7. Do not sign any GDPR agreement sent to you by another business without fully understanding what you are committing to, especially if they are a big, powerful company.
  8. If you send data abroad make sure you have the right checks and documents in place.

So if you need a review of what you have, or to start from scratch, please contact us.