GRPR 100 days on

We asked Dominic Cullis, CEO, GDPR Academy about GRPR 100 days on. Dominic is also an acting Data Processing Officer.

What has been the impact so far of GDPR on businesses and on consumers?

Many organisations got it wrong and sent out numerous emails requesting consent to continue marketing to their prospect and client list.  In many cases these were unnecessary because the organisations had a legitimate business relationship with their clients or prospects on marketing databases had already provided consent and been given the opportunity unsubscribe in earlier mailings.  This had a negative impact on the introduction of GDPR, legislation that has been introduced to protect the rights and freedoms of individuals.

Early figures suggest 82% of SMEs are unaware of how GDPR affects them? What are the essential points they need to understand

GDPR legislates how Personally Identifiable Information (PII) can be recorded, stored, utilised and destroyed.  PII is any data that can either identify an individual or be used to identify an individual.  This includes obvious fields such as name, ID numbers, passport number, driving licence number as well as less obvious data such as IP address, user name, location data.

GDPR is all about protecting individual’s rights in respect to their personal data.   It establishes a framework of rights and duties which are designed to safeguard personal data.  This framework balances the legitimate needs of organisations to collect and use personal data for business and other purposes against the right of individuals to have respect for the privacy of their personal details.

Will working with other European companies become more difficult or will they all be singing from the same hymn book?

Working with organisations in the EU or more widely in the EEA will be easier now GDPR has come into force.  The Data Protection Act 2018 gained Royal Ascent in May to coincide with the start of GDPR so the UK is already aligned to the rest of Europe post Brexit.

Is it worth exploring the services of a specialist to become up-to-date on GDPR requirements, or are there a lot of sharks ready to take people’s money, when really, it’s quite straightforward to comply?

Organisations can undertake the task to become GDPR compliant, however, there is a considerable amount of work involved and some professional guidance will save time and help you to avoid making mistakes.  There are a lot of organisations offering GDPR related services so it is essential that you research them thoroughly before signing up and remember that personal recommendations from people you trust are always the best.

Quick Guide to GDPR compliance

• Sign up for the GDPR Academy training to gain an understanding of GDPR.

• Carry out a Data Flow Mapping exercise so you know what personal information you record, process and possibly share with third parties in the normal operation of your business.

• Conduct Data Protection Impact Assessments (DPIAs) which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. Under GDPR an organisation must carry out a DPIA before embarking on any project or activity that involve the use of personal data.

Stay up to date with GDPR Academy by following on LinkedIn and Twitter