News

GDPR: Prepared or Not Prepared

15 February 2018

GDPR: Prepared or Not Prepared

By Jenny Parsons, COO, ProTech

The media noise around the General Data Protection Regulation (GDPR) does not abate, not surprising as the deadline for compliance creeps every closer – there are only 98 days until 25 May, 2018.

Today I read with interest two comprehensive GDPR related articles. The first from TechCrunch entitled WTF is GDPR? It did strike me that anyone not knowing WTF GDPR is, is without doubt in serious trouble. The article is a guide to the major changes GDPR will bring and some of its potential impacts.

The second was from Reuters with the headline Business booms for privacy experts as landmark data law looms and focuses on the cottage industry that’s developed around GDPR i.e. lawyers who advise on compliance, cyber security consultants and software developers that help firms work to achieve compliance. This takes me back to the days of the Year 2000 ‘bug’; yet this time the threat to businesses who fail to comply is real.

Both make interesting reading. But the third article I read, from Infosecurity Magazine, provided the most heartening headline: UK ‘Most Well-Prepared’ European Nation for GDPR.  This finding is revealed in a study conducted by data cleansing specialist W8 Data.

The article states that the UK is well ahead of the other European nations when it comes to GDPR compliance, with only 29% of UK organisations either not knowing or feeling totally unprepared for the new regulations, compared to almost half of German organisations with Spanish (73%) and Swedish (71%) companies the least prepared.

However, it’s not all good news. In the same article, André Bywater a partner at Cordery, which helps manage the ever-increasing compliance burden, thinks that there are ‘some’ UK companies that are well prepared for GDPR but in general others are not, especially SMEs.

Which camp does your organisation fall into?

If it is the ‘not prepared’, I hope the two articles I have highlighted above will provide some guidance and take a look at the Information Commissioner’s Office ‘Preparing GDPR – 12 steps to take now’ without delay.

As a not prepared organisation you have left it so late in making preparations for compliance it is likely that you will need to draw on the expertise of one of the experts that form part of the GDPR cottage industry referred to above.

This is not as easy as it sounds. You need to be sure you are partnering with a proven GDPR expert and not a GDPR cowboy and I fear that the proven GDPR experts may well have been ‘snapped-up.’

If you are an unprepared Not for Profit (NFP), Membership or Association organisation whose operations are underpinned by technology solutions, you must check that your solution providers have taken the necessary steps to ensure that your systems will help you become GDPR compliant.  

For many NFPs, the key system holding customer/member data is their CRM solution. Given that it is this data that exposes them to the most vulnerability in demonstrating GDPR compliance there are some key questions you, should be asking your CRM provider and asking right now.

  • Does your CRM software enable data portability? GDPR supports individuals being able to port or share their data with other organisations for the purposes of improving customer choice and value.
  • Do you have the ability to delete records? GDPR stipulates that individuals have the ‘right to be forgotten’. If you do have the ability to delete a record you also need to understand how that will impact the overall integrity of the data you hold.
  • Do you have the ability to pseudonymise data? Does your CRM solution allow you to pseudonymise/anonymise data so it cannot be attributed to a specific individual?
  • Do you have the ability to customise communication preferences and provide a full audit trail of those preferences and any changes that may occur? A key requirement of GDPR is to enable customers to provide informed consent for you to hold their data, to provide informed consent around how you process their data and to stipulate how they want to engage with you. This consent and preference detail must be recorded. GDPR also requires that consent can be withdrawn by the customer and once again this must be recorded.

‘He who fails to plan, plans to fail’ is a Proverb which could come back to haunt the senior executives of companies of all sizes, across all sectors, who are not prepared for GDPR. I hope you aren’t one of them.

For more info on how ProTech’s integrated web and CRM solution can help you prepare for GDPR please email: kim.smith@protech.co.uk.


BACK TO INSIGHTS

Sign up to our newsletter and brochure

Continue to learn more about ProTech’s lastest news, insights, software updates and forth coming releases. Sign up for our newsletter and request a brochure.     SIGN UP HERE

Latest News