Since the formal adoption of GDPR in 2016, the internet has gone into overdrive – resulting in the circulation of a whirlwind of privacy and data-related material and information. And, as with any change of this magnitude, the endless pontificating and speculating has led to the creation of myths, misunderstandings and false conjectures.
But with 25 May 2018 – the date GDPR comes into effect – creeping up on us, we thought it was about time to set the record straight. We’re here to debunk a few popular GDPR misconceptions, helping you prepare thoroughly for the big day and the brave new world of GDPR.
Misconception 1: GDPR only affects those in the EU
There’s a multitude of information in the public domain about GDPR. Yet much of the coverage talks about EU data processors, thus painting the false picture that GDPR only impacts EU countries.
We’re starting to lose count of the number of times we’ve heard: ‘But we’re a US company – GDPR doesn’t apply to us.’ Or: ‘Surely we only need to do this until after Brexit?’
To be completely clear, GDPR does not relate to the country where your business is based. The overarching aim of the new regulation is to protect the privacy and rights of individuals residing in the EU. Thus, it’s not about citizenship, nationality or whether you’re located in a country that’s part of the EU – but whether your business processes EU residents’ data.
What’s more, this fundamental protection of human rights will still apply after the UK departs the EU.
In addition, it’s not just a question of thinking about your customers. You should also consider companies you deal with that are based outside the EU – and ensure that you’re working with forward-thinking businesses that keep up to speed with the latest rules and regulations.
Misconception 2: There will be a grace period
GDPR is set to be an ongoing journey for many organisations. After all, identifying and implementing strategies to deal with arising privacy and data issues will continue well beyond 25 May of this year.
However, that does not mean that – in the days, weeks and months following the deadline – it won’t really matter whether you’re fully prepared. And that brings us to the second misconception that (worryingly) still appears to be in full flow. Sorry folks, but there’s no grace period when it comes to GDPR.
The reality is that you’ve had the last 2 years to prepare. 25 May 2018 is when GDPR comes into effect. The on-boarding period started in May 2016, and the regulation has been on the horizon for 3 years.
But we’re not trying to scaremonger. Delve into the terms and clauses of GDPR, and it’ll soon become clear that the regulation essentially builds on data privacy and security principles that you’re most likely already adhering to.
Provided you’re up to speed with the Data Protection Act that’s been in force since 1998, you shouldn’t have as far to go to get GDPR compliant. What’s more, the ICO have made clear that they’ll take into account your ability to demonstrate accountability as well as your willingness to engage to resolve privacy issues.
Ultimately, it’s all about knowing and understanding the data you hold – and being able to justify it.
Misconception 3: GDPR makes it harder to communicate with customers and clients
GDPR has been maligned for many reasons, but perhaps the criticism levelled most frequently at the new regulation is one expressed by marketers and those in customer experience. Their fear? That GDPR will negatively impact relationships and communications with customers and clients – essentially, that it will make everything harder.
Happily, this couldn’t be further from the truth. And here’s why.
First of all, it’s worth remembering that the new legislation doesn’t just affect you. It applies to your clients, partners, stakeholders and customers.
What’s more, when everyone becomes more transparent with the use of customer data (as compliance requires), it makes it easier for you to communicate with other businesses and customers.
This, in turn, means you’ll be empowered with the tools you need to deliver a streamlined customer experience.
Thus, GDPR offers a competitive advantage to those businesses who put in the groundwork to get it right.
More guidance available in our GDPR webinar
If you’re still feeling underprepared or worried about GDPR, never fear. Myself and Marek Zakrweski, our Data Protection Officer, recently hosted a webinar on this very topic.
Packed with guidance and useful information to ensure that your business is fully prepared come 25 May, the webinar primes you with the customer experience enhancing possibilities that GDPR presents – and outlines how we can support you on your journey to compliance.