Browsing through LinkedIn recently, I've become rather alarmed at the number of people asking for advice on a serious business issue.
'What can I do with my social media contacts when GDPR comes into force' or 'How do I get started with GDPR Compliance' are valid questions, but putting them out to social media is not the way to get the answer. What worries me more is the replies these people have been getting.
'I'm just going to wait and see' is an alarmingly common one. The General Data Protection Regulation is a serious law with fines of up to £17 million or 4% of turnover, and if you are subject to a breach and have taken the approach of 'we'll wait and see what happens', in my opinion you are going to be hit with a bigger fine than if you'd shown you've taken your responsibilities with personal information seriously.
Why am I writing this from an IT company?
We are increasingly being asked to 'sort out' the GDPR compliance for businesses, and whilst technology plays a role in protecting personal data, and we will certainly be involved in your GDPR Compliance, so will the rest of your business. From HR to Sales and Marketing you'll be needing to involve all those that access personally identifiable data. It is not just an IT compliance issue as many people seem to think.
Whilst your IT department are responsible for keeping systems running and providing solutions to make data accessible, they will have almost nothing to do with the actual data stored in them. Some data may be completely off-limits (HR or Finance, for example). This means that they do not fully understand what they are trying to protect, and those working with the data need to understand the new regulation and how it might affect the data they work with on a day-to-day basis.
Don't just wait and see.
A good starting place is the ICO's website; head over to sitn.it/gdpradvice to get there. Take the time to understand the basics and then, if you need to, seek expert help. Like most regulations, GDPR is not prescriptive, but is guidance that is open to interpretation.
Yesterday the ICO also published this blog, 'Sorting the fact from the fiction', which may dispel some myths.
If you've started on your journey to GDPR compliance, what are your biggest headaches with IT? Let me know, as we all think it's very simple in our own little silos, but bringing it all together can be a challenge.