GDPR and your business: It’s as much about attitude as it is about process…
Is it all for one and one for all? Or being left to no one and none at all?
Just in case you’ve missed it (or have teamed up with the UK Hide-and-Seek Champion), GDPR arrived in May.
“GDPR what?”, you cry!
“General Data Protection Regulation!”, we cry back. Because the last thing we want is for there to be tears – especially when business owners discover that getting it sorted well before then might not have been such a bad idea…
In previous posts, we covered some of the key questions to ask yourself, and offered some practical first steps to getting ready for GDPR.
Whereas that post was more data-focused, this one is all about the people involved: the who and the how, and what to reflect on to help you work out the next steps from here.
It’s all about attitude – as long as it’s the right one…
So, what is your attitude to data protection?
Fairly lax, and you can’t see what all the fuss is about? Or you regard it as a welcome necessity that should be integral to your business and embraced?
Hopefully, it’s the latter, as companies will benefit most from GDPR by taking a whole business approach to it – through the board or the organisation’s leaders fully committing to it, being accountable for its delivery across the business, and actively driving the process and its roll-out throughout.
It’s all about preparation and data-mapping too…
Many believe that it’s simply a case of just leaving it to the people who mostly deal with the data, such as your IT staff or those in marketing. But the principles of data protection apply to every touchpoint of your business.
For it to work properly, and for businesses to ensure that they’re not exposing themselves to risk, GDPR really ought to involve everyone: everyone within the organisation should not only be aware of the importance of GDPR, but buy into the fact that their roles and responsibilities play a key part in successfully delivering it.
With all that in mind, then, try these questions for size:
Overall, who in your organisation will be responsible for GDPR?
Are you prepared to lead from the front and be accountable?
(Please say yes!)
Internally, who will be responsible for actually delivering the process?
Have you considered appointing a Data Protection Officer (DPO)?
(It’s mandatory for some; and for others where it’s optional, you still need to document whether you do or don’t appoint a DPO.)
There are also some wider considerations about how you store your data and what else happens to it, such as:
Do you know what platforms, tools, or apps are used to store the data within your business?
How secure is the storage of that data and what additional safeguards (e.g. staff training and awareness) are in place to protect it?
How confident are you that your external or outsourced agencies (e.g. HR or accountancy) are following the GDPR guidelines to keep your data safe?
Much to ponder!
Do you need a hand with your GDPR preparations?
Whether you’re nearly there, partly there, or nowhere near with your GDPR preparations, we can help you.
We can review all aspects of your set-up and processes, mitigate potential risk, and help map your data for you, so that you’ll have everything in place.
We don’t want to see people flounder with something they’re not fully au fait with, so why not get in touch to talk things through and arrange some support?
You’ll find that our attitude is a helpful one, and our approach very much the way you’d want it to be in your business: all for one and one for all!
Until next time…