DP2017: GDPR is an elephant

One of the most experienced of his professional skillset, Richard Merrygold is Homeserve’s Director of Group Data Protection. So, fittingly, was the ideal speaker on how to manage data protection in one of our series of talks at the DMA event in London this week.

Coming from a background in healthcare, pharmaceuticals and finance, Merrygold now heads up all-things-data with Homeserve, which is a home assistance business.

Break it down

"The GDPR is the largest piece of regulation I have ever seen," says Merrygold, "The starting point is working out how to tackle it and that means breaking it down into manageable chunks."

With the analogy that the GDPR is an elephant, "It is a very large and lives for a very, very long time." Merrygold addressed the vast levels of information that the process involves, suggesting companies "Break it down into workpacks – go through the body of it, the regulations and articles, then start finding the bits that match together."

"Figure out where pieces cross over and where you can batch them into groups, then prioritise."

Suggesting a high impact, medium impact and low impact split, Merrygold recommends the following categories as a way of organisation:

• Consent and direct marketing
• Contracts and liabilities
• Data protection impact assessments
• Transparency and accountability
• Data mapping
• Profiling
• Right to be forgotten
• Employment processing
• Right of access

"Find out what’s important to how your business operates and go from there."

Fear and fines

"Focus on the benefits rather than the fear of fines," says Merrygold about the recent news of TalkTalk losing £60 million in revenue, "They lost 95,000 customers and had one extremely clogged up customer service. The impact of getting this wrong goes far, far beyond fines."

"Fines should be at the bottom of your list for things to be worrying about. Be more worried about your company image taking a real kicking, the enormous cost of clearing up your system afterwards and even the possibility of getting sued."

"This is the perfect opportunity to see exactly what it is you’ve got, and tidying up your system."

Talk to each other

"There is no piece of software you can buy, nothing will be able to do this for you," states Merrygold, "The only way to do this properly is to learn from others and then embed that into your organisation."

A firm believer in the value of communication, Merrygold urges companies to "Talk to one another, you’re all in the same boat. You want to be compliant and you want to protect your customers and so does everyone else."

"Stop looking at the 28^th May – it really is just the beginning."