Don't Panic!
25 May 2018
Are you GDPR ready? More to the point, are you sick of being asked if you’re GDPR ready? The plethora of talks, emails and conferences titled with this trite question has probably numbed you to the alleged urgency of GDPR implementation in your organisation.
In fact, it could be said that titles like this are somewhat deceptive. They invite the inference that there are universally applicable GDPR criteria, which, upon fulfilling, make an organisation ‘GDPR ready’. These titles imply that this event or that blog post can give you the secrets of compliance.
While GDPR certainly requires action, the fact remains that it is a principle-based piece of legislation. This means that, in reality, only companies and organisations themselves will know if they are GDPR ready. It is true that practices will need to be adopted and attitudes to data handling require re-angling, but GDPR instructs companies to create processes specific to their organisation that will ensure data is treated in the appropriate manner. There is no silver bullet or panacea (or any exciting metaphors pertaining to GDPR compliance, for that matter). The barometers of success will be the strength of your own justifications of how you comply with the law.
From the off, the main principle the ICO will be looking for is accountability. We know from the recent data protection conference that, as long as companies take thought-out steps to apply the legislation and show their working, the ICO will not be looking to prosecute or fine. They will offer guidance before slapping wrists.
What’s more, the ICO said they don’t actually expect full compliance by the deadline. This doesn’t mean you can implement GDPR at your leisure, but it does mean that the ICO might be sympathetic if your business takes a little more time to build in all processes for valid reasons. You must prioritise areas that pose the greatest risk to people’s personal data.
Furthering this point, one of the speakers at the ICO conference cited the Billy Connolly joke in which two men in the jungle find themselves being pursued by a lion. When one stops to put on his running shoes, the other cries in exasperation “Running shoes won’t help you outrun a lion!!”
“No, but it’ll help me outrun you” comes the reply.
This is to say that keeping out of trouble means moving with the crowd. This isn’t just to do with compliance, though. Before too long, compliance will be necessary for keeping up with business trends.
Indeed, looking forward, it is important to see GDPR as a solid basis for the future of data protection laws. The fact is that technology today increasingly relies on data to work. Data is the fuel for smart home devices, social media sites and other AI technologies. Yet when people don’t know why their information is used or in what ways, they are much less likely to use products or services.
DMA research found that 88% of people in the UK want more transparency around how their data is used. It is evident that customer retention will require transparency. Showing exactly where and how customer data is used and giving real control to the consumer is a gesture of trust. While GDPR compels companies to hold out this olive branch now, those who take its principles and run will be the ones who secure their longevity.
When compliance efforts are completed and practices become the norm, we will soon look with horror upon the pre-GDPR days of opaque privacy policies and data grabbing. In this sense, GDPR is as much a change of perspective as an overdue update of the law.
As a leading voice in the data and marketing sector, the DMA has played a large role in the rolling out of GDPR across the industry. The DMA’s guidelines on consent and legitimate interest are available for all now and our profiling guidelines will follow shortly.