GDPR will be in force from 25th May, 2018, but it’s actually in place already. Whilst many businesses are now becoming aware of their new obligations, they’re also realising they have their work cut out to fulfil them. Current legislation does not view B2B contact information as personal, but this is changing with GDPR. Any business or personal information an organisation holds that can identify an individual will be covered by GDPR. This includes B2B contact details. So if you’re not yet one of the many businesses well on the way to being ready to meet your obligations, you need to start working on it now. According to Data IQ, it takes an organisation six months, on average, to change a data process… so don’t say you haven’t been warned!
With that said, if you haven’t got going on GDPR yet, what should you now consider? Here are a few key pointers.
Analyse your data usage
If you haven’t begun to assess what personal data you hold and use within the business… you need to do so. The key change for many organisations is that B2B contact data will be included within the definition of ‘personal data’, and thus needs to be treated in exactly the same way. But don’t underestimate the work involved to become compliant. The systems and process changes you are likely to need to implement will require a focused effort to hit the deadline of 25th May, 2018. The buzzwords you need to have flying around are transparency, consent and control. But at least there is a payoff. The effort you put in now to ensure these are in place will not be wasted. More individuals than ever before are prepared to share their personal data, whether that’s for business or as a consumer. Get your systems and processes right, and you will reap the rewards.
Allocate budget to data governance
GDPR compliance is important. Suffer a data breach once it is in force, and you will find your organisation feeling the cost in more ways than one. There will be fines. There will be a need for process and technology change. And you will suffer a loss in customer confidence. All those will have an impact on your bottom line. So allocating budget to getting your processes and systems right now, whilst also ensuring headcount is allocated too, will save you money in the long run.
Implement processes to track data breaches
Tracking, as well as acting on, data breaches is one of the key new requirements of GDPR. There are time limits, and the clock starts ticking as soon as an organisation is aware of a breach. No longer can you rely on external bodies or customers to advise you of a breach either. You will need to be checking and tracking matters internally all the time. And you will need to be able to provide evidence that this is the case.
Start checking your privacy notices and permission statements
Great emphasis is now to be placed on transparency and consent. No more assumptive acceptance of being added to a mailing list. No more smoke and mirrors. The statements your organisation uses to request that individuals provide you with their personal data are going to need to be specific, accurate, and long-lasting. What you say you do at the time someone clicks ‘yes’ to provide you with their data cannot change. And in addition to this, the ‘right to be forgotten’ will make management of your data critical. Be aware, time-limited consent is also likely to become a feature.
Consider the impact of a data breach on the business
Big data breaches are in the news a lot these days. But the size of a data breach does not necessarily reflect the impact it will have on a business. You may be small enough not to need to worry about a raft of investors, but customer confidence in your operation is still important. A lapse in the management of the personal data you hold is one way to destroy that very quickly.
If you’re ready to get your organisation up to speed on GDPR, please visit this page to learn more. There’s a lot to get through, so it’s worth starting as soon as you can.