The essence of GDPR – The simplified approach
I am writing this as a professional in the world of information governance and data protection. For the last two years, more so recently, I’ve watched on social media the impact of GDPR evolve. I’ve seen individuals give bad advice, so-called professionals steal wages, and companies be no further forward in terms of compliance. There is too much attention on social media about GDPR fines. Individuals talking about how your company will get fined if you don’t do this, and you need to buy the most expensive software and systems to be compliant. I’ve heard so-called professionals saying you can’t have visitors’ books in reception areas now.
I’ve seen individuals recite the regulation articles at customers, which is great, as we should know this, but it won’t help the client, as they look all white-faced at you and think, OMG, I have no idea what you’re talking about, and walk away still none the wiser about what they have to do now. This shouldn’t be new to anyone, as we have already been managing information under the Data Protection Act since 1998.
The saddest thing for me is that the essence of the regulations is lost. I don’t hear anyone saying, this is great news for me. Organisations will be looking after my information in an open and honest way, asking for my consent, won’t sell my details on unless I say it’s OK. They will provide me with quicker and free access to my information in a format that I can read, understand and transfer. They will be more accountable for the information they collect, store and retain. When it’s not needed, destroy it securely; don’t hold on to it for a rainy day or a just-in-case situation. Forget me if I ask you to, tell me why you’re tracking my activity online and what you’re doing with the information. Say who you share my information with and why. Be open and say we have had a breach, investigate it, learn from it and tell me what’s happened quickly. After all, it’s my information. Think about the consequence of your actions on me: will I now be subject to identity theft or targeted for sales purposes for all the health conditions I have? Information is the most important asset you hold, please look after it.
I’m a customer of loyalty cards, store cards, marketing, newsletters, with an inbox full of marketing information, and for the majority I don’t know how they got my details. I’m active on social media sites, who isn’t in this generation, but I don’t expect to have a profile built by a computer, without my consent or knowledge, on what I might like to eat, drink, how to dress, or who I should socialise with. Or social networking sites suggesting old clients as friend requests, when I haven’t told you I worked there. Am I being tracked by my phone, without my knowledge, listened to via the internal microphone or watched by the TV webcam whilst at home on the sofa? If I am, this is an invasion of my privacy.
Fines, you say? Yes, as my parents repeatedly told me when I was younger, with every action there are always consequences, so the fines are rightly placed. So, if you haven’t done anything after 25th May 2018 and/or have no evidence to demonstrate what you have in place to protect your customers’ data, I hope your pockets are deep. Ignorance isn’t an excuse. However, most organisations don’t receive fines. Check out the enforcement page on the ICO website: at the time of writing this article, 95 fines have been issued over 106 collective notices.
The biggest effect will be to your customers over the loss of their data, and ultimately this will damage your company’s reputation.
Privacy by design should be at the heart of everything you do. It’s a minefield for data protection practitioners, but that’s our profession; our clients shouldn’t have to navigate it to find information. It should be communicated to them simply and practically!
One of the key things for me is leadership, creativity, simplicity and an IG/DPA professional that is emotionally intelligent, knowledgeable and qualified. I love the world of IG, and after taking the decision to leave the NHS to create something that covered all the above, Leadership Through Data was born, as, if applied correctly, I believe you can use data to change cultures, which is driven by leaders of the future.
"Leadership - You can have the best team-work and planning in the world, but ultimately, it all falls apart unless the boss is prepared to take a decision when the pressure is on." Lady Karren Brady CBE
Leadership is about showing direction, standing up to be counted, doing something rather than directing. It’s about thinking outside of the box and saying maybe we should try it this way rather than doing the same thing we have always done. Empowering your staff rather than taking the dictatorial approach and saying you must follow my instructions to the letter; after all, we aren’t robots and all work differently. Learning from your mistakes, and if something isn’t working, don’t be afraid to try a different approach; it will make you better people/organisation in the future.
"Innovation almost always is not successful the first time out. You try something and it doesn't work and it takes confidence to say we haven't failed yet. … Ultimately you become commercially successful." Clayton Christensen, Harvard Business School Professor
Let’s do something different, whilst helping companies be assured of their data protection compliance but in an uncomplicated way that everyone understands. Data Protection is about taking all reasonable steps to secure information, aligned with your organisation’s risk profile. It’s not about spending millions on complex systems and the latest technology, but you can if you want to.
Leadership Through Data is built on the principle of making people understand legislation in a simple, fun and affordable way. We offer a range of information governance training and consultancy services, some specifically designed for the public sector, and others, such as our Data Security Awareness training, Simple Data Mapping and Information Asset Registers courses, designed for all sectors. We even design bespoke courses to suit your organisational requirements. Our company is also Continued Professional Development Registered. If you can’t find a service on our website, we may still be able to help. Get in contact, as after all GDPR/data protection applies to everyone!