Before you start reading this I want to say loud and clear ‘I AM NO EXPERT ON THE NEW General Data Protection Regulation’!
So, having said that, I am now going to point you to a REAL expert on this subject – UK’s Information Commissioner, Elizabeth Denham.
In this country you don’t get much higher on the list of people who understand the journey for, and the process through which, small businesses will have to travel to comply. In a recent letter written to the Federation of Small Businesses, Elizabeth Denham put the whole business into perspective.
I, like many for the last six months, have been panicking about the whole onerous process, tying myself in knots trying to understand how on earth I could comply when the likes of Google are still bashing it about. Worse, the process hasn’t even been fully tested yet and it’s APRIL; just a month to go before all my policies and procedures need to be updated.
I am old enough to remember the introduction of the Data Protection Act in 1988 and as a young(ish) nominated data protection officer I bore the burden of working through compliance then. Did we all get fined the first time we got it wrong then? No. And according to our Information Commissioner, The ICO are not here to beat us this time either – they are here to advise and help us to get it right; just as they did back in 1988.
This is a comforting message amongst all the scaremongering that has been going on.
Do we have to try to comply?
Yes of course.
Can the ICO tell us what to put in our policies?
No they can’t – but they have given us an 8 Step Plan to help us get there – and it is full of common sense!
So, here is the real expert on GDPR and the department that will enforce it in the UK – pop along to this website link and stop panicking; we are all in this together and to be honest much as we all hate more red tape – we live in a data sensitive world and it is high time we managed it better.
And if you want to read the Commissioners myth busting letter – here it is:
Best of luck everyone – remember this is just an extension of what we are doing now for the Data Protection Act and as just about everything we know about people is also online now – it is a natural progression.