The General Data Protection Regulation (GDPR) goes into effect in a matter of weeks. On May 25, 2018, the new legislation will mean that businesses will have to be GDPR compliant.
What does that mean for businesses, and what should you be doing now to prepare for what has been called one of the biggest shake-ups in how personal data is stored?
In my role as a GDPR change management expert, I have spoken to many business owners about the implications of the GDPR and what their businesses need to do to be prepared for it. Here are some frequently asked questions about the GDPR and my responses to them.
Should businesses see the GDPR as an opportunity rather than a hindrance?
Businesses that embrace the GDPR will have a competitive advantage over those that do not. We all want to work with and for companies that are professional and adhere to the latest regulations.
How can the GDPR benefit firms and their business processes?
The GDPR should make companies review their business processes by mapping where data is flowing through their business. This should highlight areas where business processes have moved beyond the policies that were previously established. It is a change management programme that allows a business refresh.
Why should businesses look at GDPR as a change management program?
The GDPR affects all of us, because it is our personal data that it covers. Invariably there is a touch point that involves people, systems, and processes. As such, it will involve a change in a business.
What should businesses with lots of company data do to make sure they are complying with the GDPR?
It is not company data – it is personal data that a company may have. The first thing that they should do is to take action and have the GDPR on their business agenda. They should then map their processes where data flows through the business. They should then develop their revised policies to reflect this.
What are the biggest GDPR preparation challenges that businesses are facing and how can they tackle them?
Currently, there is too much noise and conflicting messages about the GDPR in the marketplace, which is resulting in many companies taking no action – hoping that they will not be caught!
Will businesses need to spend a lot of money to change their processes – for example, if they still use paper payslips?
Much of what is required is common sense. The GDPR has not come in to make companies spend lots of money – it has come in to protect people’s personal data. If companies still have paper payslips, they have to ensure that those payslips are given to the recipient in the correct manner and not left open on a desk for all to see.
There’s not much time until the GDPR comes into force. What should be at the top of the list for businesses to do now?
Get started by putting it on the agenda. Communicate what you are doing with your staff. Make sure you develop a plan and document it, then implement it.
How can accountants help businesses to prepare for the GDPR?
Accountants can engage with their clients to ensure they are aware of the regulations, and support them either through their own expertise or by bringing in external support – but they should make sure they take the lead to add value to their clients.
What is your business doing to prepare for the GDPR?
We have had to revisit our policies and procedures, which has been good for us as it has helped us to improve upon our systems and processes by reflecting how we work now. Business is constantly changing.
What has your business learned in its GDPR preparations?
We have learned that we are more focused on collecting relevant personal data – we no longer collect data that is a mile wide and an inch deep – we collect data that is 100 yards wide and 10 ft thick – we are spending more time understanding and building on our relationships with our clients.