GDPR and what to do

What is GDPR?

General Data Protection Regulation (GDPR) are the new data privacy laws coming into effect on May 25th 2018 which govern the handling, processing, usage and storage of personal data for any UK or EU citizen.

Does GDPR affect my business?

It is essential that all UK & EU businesses (and any other global business dealing with UK/EU citizens) take action to ensure their policies, processes and software are compliant to avoid hefty fines.

How easy is it to become GDPR-compliant?

Firstly, here's the bad news, there is no magic bullet or quick fix.   Each business is categorised differently under GDPR and becoming compliant depends on your business decisions such as what type of data you collect, how you intend to use data, how it is collected and many other factors.

There's no doubt that for many companies, reviewing and making the necessary changes will be time consuming, difficult and may even prevent them operating in the way that they did before.   However, the key aim of GDPR is to ensure that personal data is not abused as it can be in some cases.  Admittedly, there are probably only a small percentage of shady companies who knowingly misuse data and abuse trust, but GDPR is meant to tackle more than this - complacency, accidental misuse, eliminate confusing T&Cs, to name but a few.

Is GDPR just a load of bureaucratic hot air?

In our opinion, GDPR is a good thing and a necessary thing.   The previous data protection laws were wildly out of date and do not consider the complex IT infrastructure we have today which includes data centres, cloud storage, distributed ledgers, blockchain and many more technologies.

So yes, getting everyone GDPR compliant is going to take time, be challenging and is likely to incur costs....and may even hamstring some companies in their marketing efforts.

But it will lead to a safer and better space where UK/EU citizens can feel more confident that their data is handled responsibility and the companies they engage with do so only with the necessary consent.   Hopefully it will lead to less spam, fewer phishing attacks, reduced data breaches and generally more trust across the Internet.

Where do I start to get GDPR-compliant?

  1. Read up - The best place to start is to read up on the GDPR guidlelines and gain an understanding of where you business fits in.   You will also need to review, refine and document your processes for data collection, handling, storage etc.   This may require process/strategy changes, further training and technical updates to websites/applications/software.
  2. Review & update your privacy policy - As a bare minimum, you should at least state how you use people's data in relation to and conformance with the new GDPR.
  3. Make changes -

Will I get fined on 28th May 2018?

Almost certainly not!  Although we're not lawyers, so please don't take this as legal advice!

The reality is that GDPR is going to take time for businesses to review their policies & processes and put changes into practice.

As such, it's very unlikely that the EU will go on a witch-hunt to punish every business on day 1. 

That said, the best thing to do is to make positive steps towards becoming GDPR-compliant.   At least by doing something, you are acting responsibly.

GDPR for Silver Innovation clients

If you are a Silver Innovation client, we have prepared our GDPR statement for service provision on behalf of our clients which explains our role as a service provider (data processor) and how we will help you review & change any of your website/application/software developed by us to be GDPR-compliant.