The General Data Protection Regulation (GDPR) comes into force in a matter of weeks. That’s right, on 25 May 2018, the new legislation will mean that businesses will have to be GDPR compliant.
But what does that mean for businesses around the UK? And what should they be doing now to prepare for what has been called one of the biggest shake ups in how personal data is stored?
In my role as a GDPR change management expert, I have spoken to lots of business owners about the implications of the GDPR and what their businesses need to do to be prepared for it.
Here are a selection of questions I’ve been asked about the GDPR and my responses to them.
Why should businesses see the GDPR as an opportunity rather than a hindrance?
For those businesses that embrace the GDPR, they will have a competitive advantage over those that do not. We all want to work with and for companies that are professional and adhere to the latest regulations.
How can the GDPR benefit firms and their business processes?
The GDPR should make companies review their business processes by mapping where data is flowing through their business. This should highlight areas where business processes have surpassed previous policies which may have been established previously – it is a change management programme that allows a business refresh.
The General Data Protection Regulation came into force on 25 May 2018 and businesses that breach it might be fined up to 4% of annual global turnover or €20m, whichever is the greater. Here's what you need to know about GDPR.
Why should businesses look at GDPR as a change management programme?
The GDPR affects all of us – it is our personal data that affects all of us. Invariably there is a touch point that involves people, systems and processes. As such, it will involve change in a business.
What should businesses with lots of company data do to make sure they are complying with the GDPR?
It is not company data – it is personal data that a company may have. The first thing that they should do is to take action and have the GDPR on their business agenda. They should then map their processes where data flows through the business. They should then develop their revised policies to reflect this.
What are the biggest GDPR preparation challenges that businesses are facing and how can they tackle them?
Currently there is too much noise and conflicting messages about the GDPR in the marketplace, which is resulting in many companies taking no action – hoping that they will not be caught!
Will businesses need to spend a lot of money to change their processes – for example if they still use paper payslips?
Much of what is required is common sense. The GDPR has not come in to make companies spend lots of money – it has come in to protect people’s personal data. If companies still have paper payslips documents, what they have to do with those payslips is ensure that they are given to the recipient in the correct manner and not left open on a desk for all to see.
There’s not much time until the GDPR comes into force. What should be at the top of the list for businesses to do now?
Get started by putting it on the agenda. Communicate what you are doing with your staff. Make sure you develop a plan and document it with timescales, then implement it.
How can accountants help businesses to prepare for the GDPR?
Engage with their clients to ensure they are aware of the regulations, support them either through their own expertise or bring in external support – but make sure they take the lead to add value to their clients.
What is your business doing to prepare for the GDPR?
We have had to revisit our policies and procedures, which has been good for us as it has helped us to improve upon our systems and processes by reflecting how we work now. Business is constantly changing.
What has your business learned in its GDPR preparations?
We have learned that we are more focused on collecting relevant personal data – we no longer collect data that is a mile wide and an inch deep – we collect data that is a 100 yards wide and 10ft thick – we are spending more time in understanding and building on our relationships with our clients.
What questions has your business got around the topic of the GDPR? Let us know in the comments below.
GDPR: A Guide For Small Businesses
The General Data Protection Regulation has been called the biggest ever shake-up relating to how personal data about individuals can be collected, stored and used. Get your free GDPR guide.