The world seems to have suddenly gone mad in a frenzy of consent collecting and privacy notices.
The EU General Data Protection Regulation (GDPR) comes into force on 25 May, which is hurtling towards us at some speed. This won’t have escaped your notice: we all suddenly find ourselves bombarded in both our personal lives and at work with information and panic about data protection.
The regulation is long and complicated, and trying to read and digest it serves as a pretty decent cure for insomnia. But the good news is that it (probably) isn’t as onerous or terrible as it might appear. And it certainly isn’t designed to stop any company carrying out its business.
If your company is fully compliant with the Data Protection Act, there’s a good chance you’ll be compliant with GDPR, or at least close to it. Unless you’ve been sneakily procuring dubious databases and scattergunning marketing emails to every address you can get your hands on, or handing out personal contact and bank details to anyone who asks, you’re not going to be far wrong.
A good way to start ensuring compliance is to have a really good look at what data you collect, how you process it and why. You’ll most likely need to make some changes to your data protection policy and privacy notice. You might need to review your IT security and do a bit of training so that your employees know not to share other people’s personal information. What you don’t need to do is panic and delete the entire contents of your address book, or refuse to talk to anyone until they’ve given you their written consent.