GDPR - Your Compliance and Opportunity

23 Jan 2018

There is so much chatter on the wires about GDPR. Conjecture, misinformation, scaremongering, but of course, also some good and important articles.

My own journey along the GDPR road started with a tacit interest that quickly grew into a realisation that I had to get to know about this stuff! Why? Quite simply, I was running my own business in which I needed to be compliant with the GDPR, but also I was supporting and advising clients in their businesses. That meant I was talking to them about the personal data they held on their clients, patients, and prospects.

When I started to engage, I found that the 3 elements above (conjecture, misinformation and scaremongering) were widescale! I had to cut through this as I had a 'Duty of Care' to advise my clients correctly on the changes from the current Data Protection Regulation to the GDPR, come May 25th, 2018. The answer was to train and upskill. I was so interested in the subject following my first one-day foundation course, that I quickly signed up for the full practitioner course (I was actually on the same course as Craig Parsons). I am now proud to say that, following the successful completion of the course and by way of passing the exam at the end, I am certified as an EU GDPR Practitioner. Of course, my first project was to weave the GDPR into my own business systems. That was completed over the Christmas and New Year break!

On January 19th, I completed my first of a series of three local 4Sights on the subject of the GDPR at Cheadle. The next will be Stockport on the 26th of January, followed by Macclesfield on the 31st. They are titled '10 THINGS YOU NEED TO KNOW ABOUT THE GDPR'. I have to admit, it is a challenge to fit this complex subject into 20 minutes!

The main takeaway for us ALL must be that the GDPR impacts every business that 'processes' personal data. The definition of processing in relation to the GDPR is:
Processing, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including –

(a) organisation, adaptation or alteration of the information or data,
(b) retrieval, consultation or use of the information or data,
(c) disclosure of the information or data by transmission, dissemination or otherwise making available, or
(d) alignment, combination, blocking, erasure or destruction of the information or data.

So regarding COMPLIANCE... Yes, it does affect every business in the UK that controls or processes personal data of data subjects of the European Economic Area (EEA), but this is to varying degrees, and I believe that it does not have to be cost-prohibitive! It is feasible for a small non-complex business to follow the wealth of advice available at the Information Commissioner's Office's website and self-implement.

If assistance is sought, then I am currently putting together a series of workshops (Feb/Mar/Apr) where attendees can follow the provided 'Implementation Roadmap' and tick off specific tasks that are necessary for compliance on each of the days. 

On the subject of OPPORTUNITY... I would say, 'Take it'. What do I mean by that? I mean that if you care about your clients, patients and prospects, then surely you care about their personal data. So TELL THEM! Tell them how you protect it and that your relationship with them is important to you. Remember, they, as the 'Data Subjects', have many more rights under the GDPR. Information that can identify them, or make them identifiable, has to be controlled via the 6+1 principles, which are as follows:

Personal data shall be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary
  • Accurate and, where necessary, kept up to date
  • Retained only for as long as necessary
  • Processed in an appropriate manner to maintain security

All the above are wrapped in the +1 principle, which is ACCOUNTABILITY!

I could write reams and reams, but you don't want that and in all honesty, neither do I!

So, whether you're interested in the workshops, confused, worried or even relishing the opportunity to implement the GDPR into your own business, and you'd like a straightforward, no-nonsense, honest chat about how to navigate cost-effectively through to GDPR compliance, then either send me a message or call me on 07584 436272.

Graeme Hartley