Need some easy GDPR wins?
3 Jan 2018
With the start of 2018, the big topic on everyone’s mind is GDPR. People want to know what they need to do and how they are going to do it.
Every business is different, but GDPR will affect us all. And because it will affect everyone, there are some fairly straightforward, “easy wins” that most businesses can do to help get themselves started on the road to GDPR compliance.
So our MD wrote up a short list of some of the global changes that businesses will need to make by May 2018, along with some tips on how to implement them.
This article can be found in the latest issue of Business Direction.
The preparation for GDPR is going to be time consuming and potentially costly for many businesses, but are there some easy wins for you and your company?
GDPR is the General Data Protection Regulation, a collection of stringent new data protection laws that are going to fundamentally change the way companies do business.
Helping companies prepare their data and their data processing procedures is a big money maker at the minute as there are just so many things that businesses need to consider.
It’s a fact that all businesses are going to need to carry out an initial risk assessment, and I don’t want to suggest that preparing for GDPR is easy. But there are some simple things that you can do as a business to give you a few easy wins:
One of the key parts of GDPR is making sure you are holding the correct data on a given person. If you have two or more instances relating to a single person there is a much higher chance that one or more of these will be out of date.
So do what you can to combine all these duplicates into a single record for that person. It will be easier to keep everything up to date and you’ll be able to fulfil your other GDPR obligations much more easily.
Checking for Outdated Data
Speaking of keeping data tidy and up-to-date, one of the other big ticket items in GDPR is not holding onto data you don’t need any more.
Go through your old spreadsheets and systems, look for data that you a) don’t need and b) aren’t even sure is correct anymore (that’s a really big one). Provided you really really really REALLY don’t need this information for your financial and/or legal requirements, get rid of it.
Once GDPR comes into effect, you really don’t want to be holding onto old personal data.
Standardising your Data
This is a bit of an odd one, but is equally useful in reporting on the data you hold and making sure you are GDPR compliant.
If you use a particular field or column to categorise your data, saying whether someone is a customer or not for example, take the time to go through and make sure you are using the same wording for this information.
So using the example of a list of your customers, if you refer to them as “customers”, “customees” (because typos happen to everyone), “clients”, “current customer”, and “current clients”, finding the information you need is quite a challenge.
I always advise people to standardise their data, not just because of GDPR, but just because it makes your life easier in the end.
Here’s one that’s been making the news whenever people talk about the changes GDPR is going to be bringing in. Going forward, you must have explicit consent for data processing, including sending out any marketing emails or other communications.
This could take a while for a lot of businesses. So my advice: get started. Now!
Contact your customers and ask them if they would like to receive marketing emails. Take notes and make a record of their agreement, disagreement, and the date.
But get started on it now because it will take time. Maybe start on a short list or the simplest type of consent you require.
And then there’s the big stuff…
Once you’ve sorted out the smaller tasks and made a start on the medium tasks, you can get into the bigger work you’re going to need to do to prepare for GDPR.
You’ll be able to start documenting your data processes (if you haven’t already) and sort out your data retention tools. If you’re holding sensitive information you can get the access and protection of this data ironed out to meet your requirements.
There are a lot of moving parts, as they say, when it comes to GDPR compliance. But there are some smaller things you can do right now to get a jump start on the whole process. It’s certainly worth getting started.