When I first heard about GDPR, my first reaction was “Here we go again, another set of rules that actually don’t impact us but we’ll have to spend time investigating.” I couldn’t have been more wrong!
The new General Data Protection Regulations (GDPR) are coming in from May 2018. They are a set of EU rules that replace the current Data Protection Act regulations that are managed by the Information Commissioner’s Office (ICO).
Brexit won’t have an impact on them as far as we can tell at this time. Any business that manages the data of a citizen (s) within the EU has to be compliant. This means you can’t offshore your data. Companies like Facebook, Google and other American tech giants are going to have to play by these rules. Basically, they’re going to have a global impact. There is no escape or getting around them!
The press have started to make a fair amount of noise about this. One of the best ’Introduction to GDPR’ articles I have read so far is written by Mike Smith of Grown-Up Solutions: A Grown-up Guide to The GDPR.
Have a read, it will give you a pretty good idea as to what’s coming our way and there are also some useful links to the ICO that provide the info straight from the horse’s mouth.
At Gallowglass we take data privacy seriously. It became pretty apparent that we were going to need to get compliant with these regulations as quickly as possible AND that we are going to need to get help.
The task is huge if you are starting to look at this! Be prepared for it to take months to get compliant, if not longer.
We have engaged a couple of consultants to get advice – just so we make sure we are being told the same thing and that it is independent and correct. I can’t recommend this step enough. You want someone who is going to look at what YOU do as a business and not just reel off a load of generic spiel. We are working with Hellen Beveridge of Circdata and a company called Core Technologies who have done a lot of work in this field.
Hellen has been great, as she comes from an events background and so truly understands the challenges of managing data in our industry.
Lloyd Carnie (Core Technologies) is fantastic and has come up with numerous ideas that can help us manage this process utilising technology (a fair bit of which we already have access to).
We have also made sure to attend events that provide information about GDPR. Event Huddle have held some good ones and we have also attended some by Core Technologies.
My next blog post in this series is going to cover what we are doing to get started.
Other Useful Links