If you’re worried about the impending enforcement of the General Data Protection Regulation (GDPR), you may be tempted to draft in every piece of help you can find.
And that’s fair enough; in some areas, you’ll absolutely need it.
For instance, have you thought about how the GDPR might affect your website? You’ll almost certainly need some guidance there.
But before you reach for the digital yellow pages and call everyone purporting to be a ‘GDPR expert’ - stop. The likelihood is you’ll end up on the phone - or sat in front of - a solicitor, and that can get very costly indeed.
YOU DON’T NEED A SOLICITOR FOR GDPR COMPLIANCE!
One search for GDPR compliance on Google, and you’ll be met with countless solicitors offering their services.
Avoid these at all costs. Spotting an opportunity to make a quick buck (remember the millennium bug?), a frightening number of solicitors have started advertising their services for GDPR work.
The GDPR simply isn’t an area that needs a solicitor. The new legislation replaces the Data Protection Act 1998, but the main change relates to personal data and in particular the way in which it is stored electronically (or on paper, for that matter). The rules are largely the same.
Don’t waste your time and money with solicitors and the GDPR; they’re not equipped to deal with the changes required, nor do they have the skills required to provide a solution to achieve compliance.
Ok, so what can I do without a solicitor?
Much of the preparation you’ll need to undertake for the GDPR relies on good, old-fashioned common sense, and we think there are four things you can do to start getting your business geared up for the legislative changes without spending a fortune on legal aid.
1. Treat the GDPR as an opportunity
Yep, you read that right - this new set of rules governing how you’re expected to collect and process data from May next year is a huge opportunity - not a bind.
It benefits us all, because we all own personal data. This means you have a responsibility and opportunity to show customers that you treat their information with the utmost care.
The GDPR will force you to gain consent ethically (see point 2), tighten up your security measures against cybercrime and enable you to build a new layer of trust and loyalty with customers.
2. Start reviewing your consent
‘Consent’ in this context simply refers to the way in which you ask people to hand you their personal data.
The days of pre-filled agreement checkboxes are thankfully long gone, but come May 2018, even closer scrutiny will be placed on the way you ask for someone’s details.
The consent you request must be affirmative, verifiable and abundantly clear, and the person filling out the form will have to proactively do something to provide you with theirs.
Start looking at your sign-up forms today. Small tweaks may be all you need to undertake in this area.
3. Give thought to how you’ll be affected
The GDPR will affect businesses in many different ways.
To work out how you’ll be affected by the GDPR, you don’t need the advice of a solicitor. You simply need to consider the following:
- How do you collect data?
- Where is the data you collect stored?
- What do you do with the data once it’s in your possession?
The way you use personal data is particularly important, because it will impact a number of tools, departments and policies within your organisation.
These could relate to web analytics, your CRM database or the personalisation you undertake in email marketing campaigns.
Start auditing your data landscape now and work to understand every corner of your dealings with it.
4. Agree your policies and processes
You may already be compliant with some of the rights of individuals included within the GDPR (you can check the full list here), but you need to identify those of which you fall foul.
Once again, this doesn’t have to be complicated, nor does it need oodles of legal experience to get right. For example, you might simply need to change a particular web page or give users better access to their data.
It’s the same for data breaches. Do you have a policy in place if someone hacks into your database? The GDPR requires a notification within 72 hours, therefore you’ll need to start making changes now to ensure you can meet that obligation.
The list above isn’t exhaustive; there’s an awful lot you can do alone to prepare for and comply with the GDPR.
Our tips above should keep you away from expensive legal help, but if you want a more cost-effective helping hand when it comes to the more technical elements, the New Edge team can help.