GDPR, ongoing compliance and your business

For many businesses GDPR came and went with the 25th May 2018.

There was a lot of media attention, hype and noise but now it’s all going strangely quiet for many. However, that doesn’t mean it was a load of fuss about nothing. GDPR is here to stay and it means business, in every way.

Can a GDPR fine ever hurt a company like Facebook?

You only have to glance at the news to see that Facebook has been fined £500,000 after the data scandal with Cambridge Analytica. Like footballers, it would take Facebook no time at all to pay this. If you are interested, in Q1 of 2018 they made $4.8 billion in net profit.

If your reputation matters, then you need to physically demonstrate compliance. If you are concerned your company is not yet in a position to do that, click here and fix things today and always.

Are Facebook really too big to fail?

Business Insider totted it up and reckoned it’s worth about 18 minutes’ worth of revenue. That would be $37,037 a minute if you are interested. But that really isn’t the point. You only have to look at the TV ads Facebook are running to see that their reputation really has been dented. Their apparent lack of care for personal data has shaken many people’s faith, and alongside that investors and advertisers start to ask questions. You can shrug off a fine, but how long does it take to rebuild a reputation?

The ICO now has sharper teeth – watch out!

Not only this, but the new laws surrounding GDPR mean the ICO can now issue fines of up to €20 million or 4% of a company’s global turnover. That really is an “ouch.”

GDPR doesn’t begin and end with your website

Need help to implement ongoing GDPR compliance? Click here for a convenient, professional and affordable solution for your business.

The other most significant misconception is that many businesses think GDPR is all about the business website. That really isn’t the case. This is a mind shift. Data is no longer something you collect for marketing purposes and to do with as you please. GDPR ensures that we take individuals’ data seriously, store it securely for only the time it is required and also take privacy and accessibility very seriously. This will change how we do things, not just a policy on our websites.

Data, behaviours and the future

Take politics, for example. The UK Labour Party used a company called Emma’s Diary. Their Google search result says: Sign up for free today and get £200 worth of free vouchers etc. It’s a tantalising offer and many mothers and families have done just that. Note it says “sign up for free.” But the cost is borne by data being sold to data brokers. Where does that data end up? You guessed it. Politicians can utilise personal information from sites such as these, and “behavioural advertising” used to be considered “the norm”. Not any more. Elizabeth Denham, Information Commissioner, wants a code of practice to “fix the system”. Watch this space.

Trust, due diligence and reputation are important

In addition, businesses will need to trust one another when they are working within the EU and countries like Liechtenstein, Norway and Luxembourg for example. Businesses will do business with others who can demonstrate compliance. That means in future, should you wish to undertake business within the broad EU boundaries and Europe generally, you will need to demonstrate GDPR compliance. This will be ongoing, of course.

How will you demonstrate ongoing GDPR compliance?
If you haven’t realised, that means any business wanting to undertake projects within Europe will also have to demonstrate compliance. The net is very wide indeed. Yet that shouldn’t be an excuse for doing the minimum possible. There are plenty of chances to gain competitive advantage if you view GDPR as an opportunity and not a threat.

The Internet, after all, has developed organically.
Its evolution has been rapid and consequently it’s been difficult to keep up. Not many companies have necessarily given unified information governance a thought until now. It might be something that is undertaken by some, but has it become core to the modus operandi? Unlikely.

So why should a unified information governance strategy be a benefit?
GDPR has given every company the opportunity, or push perhaps, to review practice around data collection, storage and utilisation. Now data has been cleaned it really is a fresh start. Probably for the first time ever, companies may well have some insight into the exact number of data sets in their possession. Not only that, but the conversation will be: what can we do for people who have positively opted in to our messaging, products and services? Also, how can we prove that their data is valuable to us and that we will respect their privacy, secure their details and also be trusted to add value?

GDPR acknowledges the fundamental philosophy of business in the digital age
That’s what we mean when we say that GDPR is not just about amending a website. It taps into the fundamental philosophy of business in the digital age. Every company needs to be agile, creative and compliant. None can sit back and think GDPR does not and will not apply to them. Neither is it a smart move to sit back and wait to see what the regulatory body does regarding fines etc. Ignorance is not an excuse when it comes to the rule of law. Therefore it is very important to keep GDPR on the radar and work hard to remain compliant on an ongoing basis.

Make a start on change. Don’t wait!
The important change is that companies need to consider being proactive rather than reactive. A change of mindset is probably required here. If GDPR compliance becomes an integral requirement by businesses in Europe and eventually across the world, how will you cope?

What does good business practice mean for your company?
There is plenty of advice and education around for anyone to access. This is a time where a review of what has gone before, what is happening now and what might happen has never been more important. This should be a part of good business practice, of course.

The way we operate has been transformed by the digital experience. It’s time we all took our responsibilities seriously and started to plan then execute ongoing compliance.

Therefore, if you are serious about your company’s ongoing compliance capabilities, then start by managing or revolutionising the management of ongoing compliance. Click here to find out how your business can take advantage of this opportunity to thrive.

Could your business demonstrate GDPR compliance if someone asked you today?

You’ve done the hard work to become GDPR compliant, but what if:

– You had a complaint?

– You had a request from a Data Subject to hand over their Personal Data?

– Or the ICO (or your local Data Protection Authority) came knocking?

How quickly could you show someone everything you’ve put in place?

Fill out the form below to get your Free GDPR assessment – It could be the best 30 minutes you spend today.