As I sit here preparing for a workshop I’m giving on GDPR next week I wonder how many people are hiding their heads in the sand and avoiding even looking at it.
With phrases such as ‘legal basis for data collection’ and ‘fines of up to €20,000,000’ it’s easy to see why small businesses like ours (and I mean small as in one or two people not as in ambition or imagination!) feel too overwhelmed to even take a look at the new regulations that come into effect on the 25th May.
But it really isn’t that scary (or overwhelming) and it’s important that we, just like the huge corporations out there, take the time to familiarise ourselves with the new legislation and get our processes and systems for managing our data under control.
Because ultimately, that’s all it is; being responsible for how we collect, store and use other people’s information.
I know I’m fed up of receiving emails (and phone calls!) from companies that have somehow gotten hold of my information. Information that should belong to me and that I should have control of. Just because my email address is on my website does not mean I should be bombarded with sales material that I have no interest in. Hopefully the new legislation should cut down on some of these intrusions into my life!
I’d also like to hope that the people to whom I give my information treat it with care and don’t leave it laying around for all and sundry to find it!
So, as a business owner, I need to make sure that I treat other people’s information with the same amount of respect. And that means ensuring that I have permission to use it; that I know where the information is held and that it’s as secure as I can make it.
And that’s really all the new GDPR is about. Yes the rules are more stringent than in the previous Data Protection Act but there has been such a monumental change in the availability of personal information and the ways it can be used in the last 20 years that it’s hard to see why they shouldn’t be tighter.
So it’s okay to take your head out of the sand and look at what’s going on with GDPR. It will take some work and an audit or two but it’s not the horror stories you may have read about and, who knows, it may just help you streamline your systems and make you more efficient in the process!