It feels like not a day goes by lately when I open my email account or check my social media feed without being bombarded by people telling me that I’m going to have to pay something extra because my business isn’t compliant with some new regulation or another… I’m writing to share some of my expertise in the hope that I can help you decide for yourself how much of this noise is actually worth listening to and whether you actually do need some support.
My name is Kim Taylor and I’m the Head of Operations for Univate Business Solutions. With offices in Manchester UK, Chicago USA, Amsterdam Netherlands and Lagos Nigeria, we are global experts in data protection regulations including the General Data Protection Regulation (GDPR), Privacy and Electronic Communication Regulations (PECR), ePrivacy and the Data Protection Acts.
When it comes to data protection and working with third parties, I’m going to dispel some myths and share some tips with you so that you will be able to sort the chancers from the genuine solutions and consider whether you would benefit from some external input.
It’s all about GDPR
Is it really? GDPR is just one of 3 sets of regulations that we are going to be working under after 25th May. We will also have to adhere to the rules in the Privacy and Electronic Communications Regulation, as updated by the ePrivacy bill, and the new UK Data Protection Act 2018.
In fact, when you look into the past enforcement by the UK’s Data Protection Regulator, the Information Commissioner’s Office (ICO), approximately half of the fines have been handed out for breaches of PECR and not the current Data Protection Act that everyone will tell you GDPR is replacing.
So, if anyone tells you they can support you with GDPR or train you on GDPR, always ask yourself why they’re ignoring the rest of the rules.
You will get fined Millions for not complying
Will you? Not very likely. Yes, it is true that in extreme examples the ICO will have the power to fine up to €20m or 4% of your annual global turnover, but the regulations say that this is only for very severe breaches and it is a maximum. The ICO have demonstrated time and time again that they are firm but fair, and penalties are much more likely to be reasonable.
I would be more worried about the potential for negative PR or getting an order to stop processing than the amount you can be fined in any case.
If someone is banging the ‘you will be fined loads and loads’ drum, take it with a pinch of salt. Look for more honest assessments of your potential liability because to be fair, you’ll probably want to avoid the more realistic £50k fine just as much.
We can certify you as GDPR Compliant
Can they really? 2 things come to mind: 1) How can they do that when some of the rules are still being debated and 2) what good is that when GDPR is just one of the sets of regulations you will have to comply with?
If someone is telling you they can certify your business as GDPR Compliant, you should consider whether that’s actually any use for you or even possible given the rules are still being debated.
We can be your data protection officer
Not everyone needs a data protection officer. It is true that there are a lot of rules around the role of DPO and that you can outsource that role, but certain types of business need one and some don’t.
If someone offers to be your data protection officer, check that you actually need one before you sign any agreements. Also, if you’re going to work with a partner on this… please make sure they are registered with the ICO.
We’re the leading GDPR Consultancy in the UK
Are they? Don’t just take their word for it, check. I’ve already said that anyone who says ‘GDPR’ instead of Data Protection is probably not the specialist they claim to be but you should also think about whether they can legitimately claim to be the UK’s leading consultancy. Genuine consultants wouldn’t use language like that.
If anyone says that they are the leading GDPR Consultancy, ask them to prove it.
Don’t let people try to back that up with accreditations and qualifications around GDPR. It’s good that they’ve attended a course, but if that’s all they’ve done, that won’t help them to help you implement practical, commercially minded solutions; it just means they can recite chapters from the rules to you.
To summarise then
Yes, it is a nightmare and there is a lot of work for businesses to get ready but if you see or hear any of the things above, keep looking. There are plenty of genuine businesses out there who are well placed to help you consider how to best apply all data protection regulations to your business in a way that works for your clients, yourself and keeps the regulator happy.
If you buy bad or cheap advice, you will have to buy it twice. And don’t make the mistake of thinking that any of these quick-win cowboys will be there for you if it all goes wrong.
Follow the tips above and you should find you’re in a good position.
About the author:
Kim Taylor is Head of Operations for Univate Business Solutions. Univate is an amalgamation of Unification and Innovation, which means a lot to us. We are a compliance and data protection company specialising in all global regulations, supporting and helping organisations worldwide to comply with their local data protection and UK & EU Data Protection (GDPR).