GDPR and the great unknown

Is GDPR the next y2k?

Anyone remember y2k? Thousands of ‘consultants’ ran around telling us that unless they ‘reprogrammed’ our systems and chips (at a reasonable cost, of course) the world would stop and aircraft would start falling out of the sky just after midnight at the turn of the millennium. Did it? No. It turned out to be a bit of a white elephant and nothing happened.

GDPR? Do this and do that and you won’t get fined £20 million for a data breach. Sounds familiar? Certainly does. We must get invited to 3-4 seminars/webinars and workshops a week about GDPR at the moment; all free but with the facility to ‘employ’ them afterwards if you need any help with compliance, which of course you will as it is all too confusing. And of course, you’ll need their new ‘GDPR Compliant’ CRM system…

Now, here is the rub. If anyone can send me the link to the ‘official’ GDPR website with a list of things we must do and not do by the compliance date I would be very grateful. Can’t find one? Thought so.

Some of the advice we have come across so far has verged on anti-business: how do you sell your company products and services to new clients if you can’t contact them because they haven’t given you permission, and you can’t contact them to ask for permission? Is this the end for sales and marketing?

The one sensible piece of advice offered so far is that everything has to be proportional, in relation to what your business does and how you implement GDPR. But implement it you must.

Granted, we all have a responsibility to protect personal data within the company; that is a given, and we should know where all data is held and who has access to it. Any data policy should be clear and comprehensive, with everyone in the company signed up to it.