In exactly one month – GDPR will be in full, regulated swing! Information Commissioner Elizabeth Denham made a speech at the Data Protection Practitioners’ conference on April 9th, addressing the upcoming GDPR and highlighting some key features many of us may have forgotten along with way. She reminds us primarily, that we have no reason at all to fear GDPR – so don’t be scared about 25th May.
When preparing for something as colossal as GDPR, it’s so easy for us to forget the core foundations of why it needs to happen. We’re all so busy focusing on whether we’ll be ready and what fines we might incur that we struggle to look past the front door of our offices, but Denham’s speech is instrumental in helping us remember what and who GDPR is for. Let’s look to the key points Denham poses, making sure we’re on board with GDPR for all the right reasons.
Get ready for “an interesting ride”
Denham starts her speech by saying “these are, indeed, interesting times. And it’s interesting times that provide impetus for change”. She brings up recent events, namely the exposure of Cambridge Analytica’s use of personal data alongside Facebook. This was a huge eye-opener for us all, as Facebook is close-to-home for many of us, and it’s now easy to see why only 1 in 5 people fully trust organisations with their personal data. Denham assured us the ICO were investigating all the right people. She pointed out a positive to be drawn here, in that everyone has become very invested in personal data; “Suddenly everyone is paying attention. The media, the public, parliament, the whole darn planet it seems.”
These recent affairs indeed fall under the umbrella of “interesting times”, but let’s not get carried away with the hearsay now it’s suddenly on everyone’s minds. There’s no doubt that now is the best time to be invested in personal data protection, and the work we are all doing towards becoming compliant is not only essential, but it is important, and very interesting.
Denham then hits us with our first reminder of this importance, by stating “the proper use of personal data can achieve remarkable things. It can improve, ease and enrich our lives.”
It’s not until our own data approaches the chopping block that we see the true importance of data protection. With recent events falling so close to GDPR, we all realize something very important – when your data is protected, you don’t even think about putting it out there. But as soon as someone breaches this protection, your guard shoots up and we all question how much of our data is in circulation, and how it’s being used.
Out of sight and out of mind doesn’t apply here – we need to remember how good it feels to know our personal data is safe, and want that feeling felt by everyone our organisations come into contact with. We’re not working hard to comply with GDPR just for the sake of having a legal system, we’re doing it for the safety and protection of every individual, inside and outside our office.
It’s not for you…
“I believe the public should be and is at the heart of everything we do”. This comment rings through us all, as a true reminder of who GDPR aims to support. Denham comments on how the ICO have over 200 heads working on issues raised by the public, and they’re planning to take on more people to deal with many expected complaints, because everyone is now more aware of their rights within personal data protection – but this is how it should be! GDPR not only requires organisations everywhere to change their systems for compliance, it also makes everyone working on those systems aware of their own data and what standards they would expect from other companies.
We are all members of the public, as well as hardworking business people trying to reach compliance. GDPR is not for you in terms of business – it isn’t there to protect organisations from other organisations, but it is there for you as a member of the public, with personal data to protect. Take this, and ask yourself – would I be happy for my data to go through the systems my organisation has in place, and why? You’ll start to see what Denham is getting at when she says “you all have a role to play in advocating the correct use of personal data in a world where it powers so much of what makes our economy, our home life, and our public services function.”
Don’t panic – “there is no deadline”
I know what you’re thinking – I read that and doubled back over it too! Here’s the quote in full – just so you can be 100% sure you read it right – “In fact, it’s important that we all understand there is no deadline. 25[th] May is not the end. It is the beginning.”
Denham is aware (as are we) that a huge amount of scare mongering and myths have arisen around both the GDPR and how the ICO plans to enforce it. There’s been a mentality of confusion and fret, where everyone expects 25th May to arrive only to be greeted with an enormous and unaffordable fine for getting it all wrong.
We can’t stress enough how far removed this image is from the truth, Denham was very keen to clear up all myths surrounding enforcement and set the record straight. She spoke at length about how the ICO do not intend (or want) to fine numerous organisations constantly. Fines are reserved for the businesses that refuse advice, whilst persistently and deliberately disregarding the laws around data protection.
Enforcement is a harsh word, and Denham offers some alternatives to represent the desires of the ICO, namely engagement, education and encouragement. She is adamant to put across the ICO’s desire to nurture organisations and help them understand data protection so they are passionate about maintaining compliance. “I don’t want to punish organisations for breaching the law. I want to help stop that happening in the first place.”
The 25th of May is not a deadline for GDPR. Legally, GDPR is already in motion, and has been for nearly two years! But until 25th May, you can’t be held accountable for your actions under the eyes of the law. This is almost like a grace period, for us to make mistakes and learn why things need to change. But this isn’t what Denham is getting at here…
She describes GDPR as “a long haul journey. But it’s not a holiday”. Some of us may have a lot of work to do before 25th May, but if we see it as a deadline, then we are tempted to forget a huge part of GDPR – upkeep. GDPR is here to stay; from 25th May, it must always be in motion, and we as organisations need to always be evaluating and checking our systems and processes. If we don’t we’ll slip out of compliance, and that is the last thing the ICO want. Don’t go through all this work to trip up at the first hurdle.
“It’s your job to make sure you keep your foot on the gas. Your preparations, your work – your important work – must continue beyond the 25th. Perhaps that’s when the real journey begins.”
Denham ends her speech by asking us to “buckle up”, ready for the ride ahead. We’re certainly ready at Lead Forensics. After a lot of time and elbow grease, our product and systems are GDPR compliant, and ready to go. (Well, they’re already in motion!) So we’re feeling good about life after 25th May. Our GDPR compliant solution allows B2B marketing and sales professionals to identify their anonymous website traffic, generating a bounty of hot, sales-ready leads to pass into their sales pipeline. Book your free demo today and find out more!
Free guide – GDPR: What does it mean for business? is full of useful hints and tips about the GDPR and what it means for businesses everywhere. Download for free today!
DISCLAIMER: Lead Forensics is a global market leading SaaS organisation. We have conducted extensive research into the GDPR and have an active working knowledge intended to help our clients to become better prepared ahead of the GDPR coming into force. Lead Forensics however does not provide legal advice on the GDPR and cannot be held responsible for the GDPR compliance of any organisation other than its own, it is the responsibility of each business to ensure their own compliance with the GDPR. If you have any need for legal advice, please contact a solicitor or visit the ICO website for further information https://www.ico.org.uk