GDPR - Avoiding the Wild West!

10 Jan 2018

GDPR - Avoiding the Wild West!

It's not 2013 anymore...

We all remember a few years ago when lots of “Social Media Experts” popped up and wanted to manage your social media for you – it was a veritable wild west of cowboys out to take your money, with varying levels of experience and delivery.

Ironically it turns out the guy who promoted himself as a cowboy has panned out to be one of the best…. Todd walked the walk and did the delivery and he's well known in 4N now, years later.

But, what happened to all the others? Largely, when they realised the bandwagon wasn’t quite big enough they fell off and left their customers high and dry.

GDPR is the New Social Media.

Most of you will have heard of GDPR – it’s the new EU General Data Protection Regulation which comes into effect on 25th May 2018. It’s got some teeth and we might all have to do things a bit differently if we want to comply with the new law.

It’s actually a good opportunity to set yourself apart from competitors and show your customers you treat their data seriously – you know, the same way you’d want your own data treated!

But, with change comes experts. Lots of them. They can take your money and tell you how to make sure you're GDPR compliant… in that order.

I’ve seen no end of people pop up as newly “minted” EU GDPR Experts, in the hope of becoming figuratively minted too. I’ve even seen some of the advice these people are giving and questions they are asking… wow.

Spotting The Cowboys

Now, not all folks giving GDPR advice are duff – and unlike social media I’ve not seen one wearing a cowboy outfit outright yet. So, here’s some tips to spot folks you really shouldn’t take GDPR advice from:

  • ICO Registration – are they registered with the Information Commissioner’s Office and does their registration include “Consultancy & Advisory Services”. Check here:
  • Experience – The obvious one… GDPR became a thing in roughly Dec 2015, look for people with experience in Information Security & Data Protection which pre-dates this. What experience have they got with the Data Protection Act 1998? The GDPR is new, but it is rooted in the existing legislation!
  • Wider Experience - It's not just GDPR which affects how you handle data, and what does the expert know of other rules which might affect you? For example, eMarketeers will need to know about PECR (Privacy and Electronic Communications Regulations) too.
  • References & Testimonials – Ask them for some references specific to Data Protection / Information Security; but be wary that the references aren’t from related companies.
  • Talking About Fines – If their opening gambit is fines (and GDPR does bring some) then they are selling fear and generally won’t be that helpful. Plus, the ICO has said publicly that fines won’t be their go-to tool in helping organisations with GDPR.
  • You Can’t Do It Yourself – We’re lucky in the UK, we have one of the best national authorities in the ICO. They’ve got tonnes of tools to help small and medium companies comply with GDPR, as a small company you can likely do it yourself. Of course, you may choose to get some help, but if that help is saying you can’t do it yourself be worried.

So, DO make sure you are taking GDPR seriously and putting everything necessary in place to comply with it, but DON'T PANIC by rushing into the arms of the first "GDPR expert" who wants to take money from you!