Easy does it GDPR could be a gentle stroll

I haven’t written a blog for a while because I have been busy.  Busy preparing for the future.  I have, hopefully, secured my website, made better provision for the security of my tech and got a couple of certifications to show my customers I’m serious about this stuff.  But that was not the only reason.  As I sat down to write this blog there were 464 days 14 hours and 41 minutes to the implementation of the General Data Protection Regulation (GDPR).  Oh, that is now 464 days 13 hrs 34 mins, so we had better get a move on.

The GDPR is probably one of the most significant pieces of legislation to affect UK businesses this century (I’ve always wanted to write that!).  It will, in some way, affect all businesses.  464 days 13 hrs and 32 mins (time is ticking) in business terms seems an age, but in GDPR terms it isn’t.  I’m a small business and implementing the basics has taken me since Christmas.  OK, that hasn’t been full time. I had to earn a bit of money as well, like all businesses, but there are still things to do.

After completing the GDPR practitioner course in December 2016, I thought I ought to get my own ‘house in order’.  In January, full of new year spirit and flu, I set off to be a beacon of compliance.  I don’t hold personal data, so I thought I would sail through the process, but I wanted to take the opportunity to do things properly and look at how I worked. Implementing GDPR is a great opportunity to look at the way you work and, whether it’s for compliance or not, question your processes and take the opportunity to make improvements.  This is not a message I’m hearing amongst the scare stories of fines of 4% of global turnover.  This could, if looked at positively, be a great business opportunity, one that could save money as well.

I will confess: some of my practices had slipped.  First I set about examining what security of my information meant to me as a business.  My risks are probably in line with most small to medium businesses, so I decided to look at the Cyber Essentials certificate and also the IASME governance framework.  Working through these made me think about what I had in place to protect my data.  I wasn’t too bad, but needed to tighten up in a few areas to achieve certification.  In doing this, though, I have laid a great foundation for the rest of the GDPR work.  That has to be good.

As I said, I still have things to do.  I have to examine how I am going to manage the cookie policy on my website (I drop one security cookie) and also develop a privacy policy and a few other bits and pieces. These I will do over the coming months.  Another key message: start now and pace yourself; implementing GDPR will be a cross-country run, not a sprint.  Start early and it could even be a gentle stroll.

When I was thinking about implementation of GDPR, for some reason the Millennium Bug issue came to mind.  Eradicating the bug was incredibly successful; as someone who was involved in getting a significant piece of software compliant, I know that the work was really necessary.  On 1 January 2000 the press were stating that it had been overhyped.  It hadn’t; what had happened was that businesses had planned and taken time to look at and correct the issues.  Some had even improved their applications.  Time, that is what is needed with GDPR.  And you now have 464 days 13 hours and no minutes.
