By Mike Richardson, Managing Director EMEA, Maximizer Software
In the final part of my series of blog posts on the General Data Protection Regulation (GDPR), looking at some of the common myths we’ve been coming across, I’m going to address the misconception that compliance is inevitably burdensome and involves a completely new way of thinking and working.
Myth #4 – “We’ve got a mountain to climb.”
There’s no denying that bringing your business into line with the GDPR can seem a daunting and complex task. It certainly seemed that way to us when we first familiarised ourselves with our responsibilities last year.
But it’s important to bear in mind that the regulation is a step-change, or, in the words of the Information Commissioner’s Office (ICO), an ‘evolution’ from the UK Data Protection Act 1998 and not a complete revolution. For instance, as we outlined in a previous blog post, it is likely that you can still justify some direct marketing on the grounds of “legitimate interests”, as long as the rights of the individual aren’t infringed – and that is no different from the existing rules. In many cases, if you already have good data governance practices in place, you are well on the way to complying with the GDPR.
What’s new, however, is that the new rules come with ‘teeth’ in the guise of potential financial penalties (and the resulting reputational damage), and place greater emphasis on accountability and transparency, particularly when it comes to documenting your decision-making. The stakes have been raised, and you simply can’t afford to neglect your responsibilities or bury your head in the sand.
Also, the new regulation does genuinely present a valuable opportunity to review your commercial practices and learn more about your customers, leading you to improve engagement and potentially shorten your sales cycle. If the result is stronger customer relationships based on trust and authenticity, then that can only be a positive step.
The ICO publishes helpful advice for SMEs that can set you on the right track. But you may also find it helpful to consult external experts who have experience in guiding companies from the outset of their compliance journey. As a company facing exactly the same compliance obligations as you, we decided to take that route. Even as a CRM software provider, we realised that technology is only one element of compliance, and it was definitely the right decision for us to bring in specialist consultants. They’ve helped steer us through the necessary data audits, reviews, process changes and policy formulation – helping us to adopt best practices and ensure that our preparatory work contributes to business process improvement.
If you are concerned about the integrity of the data processes within your company, then it’s best to seek support sooner rather than later. The ICO does recognise that not every company will be fully compliant by the official deadline of 25 May – and it has spoken of preferring the carrot approach of engagement and empowerment to the stick of enforcement – but it’s important to take action now to embrace the right mindset and commitment to fulfilling your obligations so you can at least demonstrate reasonable progress towards compliance.
Maximizer and information security specialists Bridewell Consulting have linked up to launch a 12-week step-by-step programme to steer customers, partners and other SMEs through the key stages of GDPR compliance. For more information please visit: https://www.maximizer.com/uk/gdpr/