I’ve written before about the joys of compliance and the need to embrace it as a way of working rather than cramming for audits, but it feels like a good time to drill that home. At the end of this article I’m going to give you a golden ticket. Sure, you could skip straight there, but why would you want to? You have to earn things, so put in the work and read my misgivings!
I attended a very good session on GDPR recently with a team of eminently more patient and sensible people than I. The presenters gave us the state of the nation and where we go from here. The thing is, they were all right on the button. They all said exactly what needed saying, but it was only in the blend of all the presentations that the real message came out.
Read the document
Read the actual document. There’s a version for the iPhone here, but I’m sure you can find your own sources. Yes, it’s tedious. Yes, it’s written in a way that will drive you to swipe left, but if you want to understand it, read it.
You only have to google ‘GDPR’ to immediately hear the sound of lawyers’ and consultants’ hands rubbing together as they work out how best to perform an appendectomy on the ethereal cash in your vapid cloud accounts.
It’s Y2K again: planes will fall out of the sky, electricity will stop working, the banks will plunge into chaos. Everyone panic, everyone should spend the budget they don’t have on ‘stuff’, and we’ll all sleep safely. There are hundreds of people who want to build a trusting partnership with customers; unfortunately, there are thousands who want to make a buck from your fear. There are better ways to get an adrenaline buzz if fear is your thing. Try to ship network hardware to Russia, or commit a delivery date to a customer on a UK carrier; that should do it.
Don’t get me started on liability outside the EU. I’m intrigued as to how the EU will uphold a fine against North Korea for playing fast and louche with my account details for that eBay missile housing I bought. Perhaps they’ll send an armada, a very powerful armada, in the wrong direction. Sorry, I digress. Let’s cut to the chase:
- You need to be aware that GDPR is coming. Read and prepare so you understand.
- There are scary fines being bandied around (up to 4% of the previous year’s global turnover or €20 million, whichever is higher), but how they will be graded and applied in practice is anyone’s guess. Make sure you aren’t at the front of the queue. Nobody likes a show off.
- There is no fixed audit cycle as such, so instilling a cultural change needs to start now, get your staff up to speed and make sure you behave appropriately.
The Golden Ticket
This is all about risk management. If you can demonstrate, with records rather than good intentions, that you have consistent and appropriate controls on the data you hold, then you have very little to worry about.
- Treat the data you keep as you would expect your own information to be kept.
- Know what you have and where it is kept.
- Know how to modify and erase it.
- Know what you’ve done to stop anyone else getting hold of it, and be able to show it.
If you take appropriate precautions with the security of that data, and document and accept the residual risks, you’ll be fine.
If you want sensible advice or you have doubts, give me a shout and I can point you in the right direction. If you think I’m wrong, give me a call and I’ll direct you to the latest snake oil salesman with a cure for everything.