GDPR – separating fact from fiction
The new General Data Protection Regulation (GDPR) comes into force in May 2018. Awareness amongst businesses is increasing. However, whilst some companies are well on the way to updating their processes and procedures in preparation, the majority have either yet to start or are in the very early phases.
I’m confused – is this going to prevent ‘Business As Usual’?
A key concern of many businesses is confusion surrounding the implications. As the profile of GDPR has grown, so too has a perceived level of misinformation. It is something which the Information Commissioner’s Office (ICO), the government body which upholds data rights such as GDPR, recognises.
In response, the ICO has begun publishing a series of blogs to challenge some of the common myths about GDPR. They are designed to put the record straight and give businesses some clear guidance. Whatever stage you are at in your preparations, they are a valuable and easy-to-digest source of information.
What should I be doing now?
Even if your GDPR preparations are still at the early fact-finding stage, there is almost certainly no need to panic. For most small to medium-sized businesses there should still be sufficient time to get ready for May 2018. However, with 9 months to go it is certainly time to start thinking about an action plan.
The ICO has published its “12 Steps To Take Now” guide. A link can be found via the ICO’s main page on GDPR:
The “12 Steps” set out key themes you will need to consider. It is not necessary to do these things at the same time; indeed, that could be an overwhelming task. GDPR preparation is best approached as an iterative process. No two businesses are the same, so you will discover things as you go along which will in turn shape your priorities.
The key thing is to start in a sensible place
One such first step could be documenting what data you hold, where it came from and with whom you share it. Once you understand what you have and why you have it, you will have context.
When it comes to looking at some of the other “12 steps”, this will be a valuable point of reference. For example, “Step 7” requires you to review how you seek, record and manage consent. Before you can carry out that review and see if you need to make changes to comply with the new legislation, it is vital to know what you are doing today.
Evolution or revolution?
Businesses should not lose sight of what GDPR is about: greater transparency, enhanced rights for citizens and increased accountability. Whilst any new legislation has some sort of impact on resources, GDPR is an evolution of existing data protection laws. Therefore, many of the requirements are things businesses should already be doing with their data.
Far from being anti-business and simply a burden, GDPR is also an opportunity for organisations to build levels of trust amongst their customers by demonstrating that they handle data fairly, securely and responsibly.
How can EasylifeIT support me?
Preparing for GDPR is partly about understanding the legal requirements, but it is also about understanding what data you process and how your business takes care of that data. It is this second, technical, element where EasylifeIT has specific skills and experience. We also have partners who can provide expert knowledge on the legal aspects.
GDPR scoping audit
EasylifeIT is offering a ‘GDPR scoping audit’ to help clients, particularly those looking for a structured way to get started. Our consultants can assist you in developing your action plan, separating fact from fiction, or simply provide resource if you don’t have the time to commit yourself. More details on the audit can be found on our website via this link: