“More red tape – just what we need!” said the medium-sized business owner, never. Whether we like it or not, the General Data Protection Regulation (GDPR) is looming ever nearer: May 25th next year, to be precise. We at Addooco have noticed much spin and scaremongering around it. Of course, businesses need to understand what GDPR is and prepare in advance. In reality, its guiding principles are in line with how professional businesses should already operate.
In the first few months, an adjustment period of some sort will almost definitely be required. There will be a learning curve for all, and it is worth remembering that GDPR will be a ‘living document’ subject to constant change. Huge fines for small businesses that are demonstrating good practice are highly unlikely, particularly in its early days. After all, this legislation is being implemented for all the right reasons, and the ‘carrot approach’ will most definitely be favoured over the stick. Still, GDPR is an important topic and business leaders should make sure they seek the proper advice from the right channels.
NOT an IT Issue
Contrary to popular belief, GDPR is NOT an IT issue, though of course there are aspects of IT that interlink with it. The majority of GDPR concerns strong processes and an awareness of its existence throughout the business. Disappointingly, a concerning number of IT companies have been riding on the coattails of GDPR in what we see as an irresponsible manner – whether they realise it or not. Unfortunately, there appears to be a desire, within certain sections of our industry, to make a quick buck. Some profess to be an authority on GDPR, but peddle only half of a wishy-washy story. Presumably, this is with a view to selling more data-storage, backup, business-continuity, antivirus and firewall solutions. Remember, this legislation is about data protection, not specifically cyber-security.
To be clear, an IT provider should have some involvement in clients’ GDPR preparations, with aspects relating to data storage, management and indeed cyber-security. However, there is much more besides, and IT providers need to act responsibly.
Getting the Correct GDPR Advice
Addooco has established a partnership with a highly regarded, dedicated Data Protection Consultancy. Together, we will help you understand GDPR in its broadest sense. Audits and readiness assessments are offered alongside more informal advice, depending on the specific requirements of your business. We will cover things like when a business requires a Data Protection Officer, defining and implementing consent mechanisms, and understanding data subject rights, including the Right to be Forgotten. Other associated legislation will also be covered, such as the e-Privacy Directive and its relationship with GDPR. Another good source of information is the Information Commissioner’s Office website. Get prepared, but make sure you prepare properly.