Holiday Season but not for GDPR Preparations!
As we approach the holiday season, it is usually a good time to reflect. What has the business achieved since the start of the year? What do we want to achieve for the remainder of the year?
2017 is an important year. The year to prepare for GDPR and hopefully many of you will be reflecting on your achievements around this already.
I hope we have now gone past the stage of “What is GDPR?”. But if you don’t know it is the replacement for the current Data Protection Act. It reaches further than the current act and organisations will have to prove they don’t need to comply rather than just simply register. The Information Commissioner thinks it is the biggest change to Data Protection law for a generation. You can see the latest video here: https://www.youtube.com/watch?v=vI39FRkM3DA .
In this video, Ms Denham says there is one year (365 days) to prepare, we don’t like to contradict, but as we write, at the beginning of July there is 226 days. Take off the days for an annual holiday and that probably reduces to 205 days, or less. Jonesy would say “DON’T PANIC, DON’T PANIC” but honestly if you still don’t know what GDPR is and how it will affect your business make it your number 1 priority now.
If you have started your preparations and you are working through the ICO 12 Steps approach you should be well in to stages 4-9 by now. Having understood your data, you should be looking at the processes that will ensure the rights of your data subjects. Depending on the size of your organisation this could be quite a task, but also an opportunity.
If you view GDPR as a compliance exercise, you are missing a trick and could actually increase your workload post GDPR.
GDPR requires privacy by design. Do your current processes support this concept? If you just build on existing processes will they be the most efficient?
When you return fresh from your summer break this is a great time to look at your organisation with fresh and rested pair of eyes. Take a look at each process, assess its efficiency and how it will help you meet the requirements of GDPR. Importantly, ditch the processes you don’t need and rewrite the ones that will not support your business going forward.
If you haven’t started your GDPR work yet following the ICO’s 12 steps is still a good framework to base your planning on. Consider though that when you return from your annual break you will need to make it more of a quick step than a gentle waltz.. But it can still be a rewarding journey.
Enjoy your summer break.