GDPR: Coming, ready or not
PUBLISHED: 14:20 08 May 2018 | UPDATED: 14:20 08 May 2018
As GDPR approaches, businesses are panicking. But there’s still time to prepare, as Paul Lawrence, CEO of Salpo Technologies, explains
With so much noise around GDPR, it’s difficult to know which way to turn or who to listen to. Some lucky businesses are fully prepared for GDPR, or think they are. Many others have taken steps towards compliance but know they must do more. The rest are burying their heads in the sand, hoping this will all go away. Whichever camp you’re in, you need a plan to get over the line.
Time to take action
Whether you’re looking to manage GDPR compliance yourself or use a consultant to shape your processes, it’s time for action. So, what to do first? The ICO has offered constant, if evolving, guidance on how to tackle GDPR. The much-referenced “12 steps to take now” provides a useful framework which many, including us, have used to guide compliance efforts.
Firstly, you need to let people know that GDPR is coming (is there anyone left who doesn’t know?!) and assign a key person to be in charge. Legal help is advised for some key steps, like creating privacy statements, to ensure people know what data you will gather and how you will use it. Beyond that, it’s all about managing the personal data you hold and evidencing GDPR compliance.
The path to compliance
You need to identify anything categorised as personal data, then document how and why you hold and process that data. We handle this through our customisable platform and manual compliance tools, allowing you to import your data, flag personal data fields and record the lawful basis for holding and processing that data. You can link multiple privacy statements to contacts and communicate with them based on their preferences.
Our automated GDPR Compliance Assistance Tool (CAT) takes it a stage further, allowing you to bulk email contacts, directing them to an online portal to approve personal information, provide consents and indicate marketing preferences. All actions are date and time-stamped, creating an audit trail which can be used to evidence compliance.
Better late than never
Clearly this isn’t an exhaustive guide to GDPR compliance, but I hope you can see it’s not too late to take meaningful action. Potential fines for non- compliance are scary, at up to 4% of global turnover or €20M, whichever is greater. While there’s no guarantee of avoiding a fine, you’re definitely better off having started to work towards GDPR compliance, even if you’re not 100% there. The best news is, this can be achieved very quickly and relatively cheaply.
Salpo Technologies provides GDPR compliance assistance tools through its modular SaaS platform.