GDPR - Time for a positive change?

We’re living in an age where there has ceased to be a filter. Constant sharing on social media and the ease at which retailers request (and are given) all sorts of information, from our email addresses to our preferred shampoo brands and the biscuits we regularly buy, means that, however inadvertently, there is just too much information out there – about everyone!

There’s no denying that there is most definitely a type of information overload that has found its way on-line. Think of what’s drifting around in cyber space and it gets scary – banking information, contacts, addresses, social media posts, IP addresses and sites visited. All are out there, floating in the ether.

Most of this we have been in agreement to, albeit sometimes quite carelessly when it comes to social media posts. However, there is a certain amount of information sharing between organisations that many of us had no idea was going on; we might have unwittingly agreed to it, possibly even by saying and doing nothing. (Ever noticed the tick boxes are if you don’t want your information shared with third parties? The onus is on us to opt out).

In the UK, our laws surrounding data have, until now, been set by the Data Protection Act 1998 but all this is set to change. The General Data Protection Regulation (GDPR) becomes enforceable in May 2018 and brings in to play data protection laws in the EU that are more relevant to the digital age that we live in today and consolidates them into one single law.

The GDPR is a measure aimed at strengthening data protection and will impact on any business operating within the EU. Aimed at giving individuals back control of their personal data, it simplifies regulation, presenting one standard that has to be adhered to by all. Non-compliant organisations can face fines of up to 20 million euros or four per cent of annual revenue so it is not a law to be taken lightly.

Given all the recent negative press about Facebook and the public outcry as it was revealed that millions had had their data exploited, it would seem that the GDPR is most timely.

The most important point at this stage, for any SME, is not to be afraid of this new measure. If you haven’t already, you need to develop a compliance plan, get in touch with the terminology and read up on what the GDPR and any associated legal factors actually mean.

It is all about consent, to all intent and purpose. The GDPR considers how well informed your customers are about what their personal details are being used for and demands that their permission has been sought and given.

Being compliant not only protects your customers, it also protects you from any backlash, bad publicity and crippling fines so now is absolutely the right time to take it on board and embrace it. It’s a positive and a necessary step that is long overdue and we all must act on it.