With the 25th May deadline looming closer, it may seem like an impossible mountain to climb to get GDPR compliant in time.
Many business leaders will feel like they are the only company not to have started the process, and are a million miles away from being compliant, but this is simply not the case.
Research at the start of this year showed that 60% of firms across the entire EU were not compliant, nor did they feel they would be ready for GDPR in time. What’s more, a high proportion of those had yet to pull together a plan of action. Closer to home, we are finding many of the firms we talk to are in the same boat, and that a surprising number of firms have managed to avoid mention of GDPR or thought it was not relevant to them.
Whether ignorant of the relevance of GDPR to every company, or confused by the contradictory information coming from multiple sources, one thing is common: many business leaders seem shell-shocked and unwilling to start the process.
For some it seems an insurmountable task. With the complexity of the regulation, the timescales, the severity of the consequences, and the sheer size of data that this may impact, many leaders just don’t know where to start.
This is probably why our seminars and workshops on getting started with the GDPR have been so popular: many managers and leaders just want that jump start and guidance to get the process started. We have also noticed a trend starting to develop amongst the people that we talk to: many feel that the regulations will cripple the way they do business. For those not starting, it can feel that if they don’t take part then they can carry on business as usual, although the risk to the firm can be significant.
However, many of these fears are based on a misunderstanding of the regulations. In fact, their business processes are not affected by the GDPR; instead they are covered by the Privacy and Electronic Communications (EU Directive) Regulations 2003 (PECR), which is soon to be replaced by the much broader regulation on Privacy and Electronic Communications (ePR).
It is busting these popular GDPR myths, and being introduced to the regulations that do impact your business, which makes finding the right advice so important, and our workshops so popular.
If you do find the right trusted advisor, you can lift the fog surrounding the regulations, bust the myths that have been fired back and forth by the marketing people within the technology and security camps, and get some sound advice on those first few steps. Once you do, you will quickly be wondering why you had not started the process months ago. And once you start, meeting that deadline will be within reach.
Unfortunately, some firms, out of panic in some cases, have made major investments in buying in Data Protection Officers, either in house or as a service from an external supplier, handing over all responsibility to an external agent. Some of those that have done so still feel no more comfortable that they will achieve the deadlines than those that have done nothing at all.
For anything other than a large organisation, this can be an expensive exercise, and one that doesn't end in May. If you don’t take part in the journey to compliance, you don’t necessarily learn and evolve along the way; you don’t gain the knowledge of how you have got there, and you will be ill prepared to retake the reins further down the line.
There is just no need not to take control. Everything surrounding GDPR is completely within a manager’s capabilities, and there is nothing to prevent you running this through, from start to finish, internally. With a bit of guidance at the right points, everyone is capable of taking their firm on this journey.
Granted, some firms don’t have all the internal resources they need to tackle all of the problems: it may be that they don’t have enough staff, that they have most but not all of the skill sets required, or, the most common problem, that they don’t have enough time. This is where picking the right partner to work with is paramount. You need to find partners from whom you can take just what you need, when you need it.
With this in mind, FDR Law have worked hard to put together an expert team to provide a suite of services to slot in alongside your ongoing GDPR endeavours.
The team consists of experts in Data Compliance and Governance, Employment and HR, Contract Specialists, Litigation and Commercial Solicitors, Technical Engineers and Cyber Security Consultants. We have everything you need to help you meet your GDPR responsibilities.
Some of the services we can help with are:
- Workshops on getting started, Myth Busting the GDPR, and putting together an action plan
- Guidance with company data audits
- Drafting and amending terms and conditions with clients/suppliers
- Overview and guidance whilst building your privacy notices
- Help creating new policies or updating existing policies to meet the new requirements
- Training packages that include training key staff members as internal Data Protection Officers (DPOs), overviews of the regulations with senior managers, and overall staff training on specific GDPR obligations and new company policies.
- Legal advice on supply chain data issues
- Guidance on putting together your process for handling data breaches
- Dispute management and litigation advice
If you feel you could do with some help in any of these areas then call the team to discuss your specific needs today on 01925 230000, or contact us at firstname.lastname@example.org
Either with our help or without it, everyone needs to start working towards GDPR compliance now, as May is not that far away and that clock won’t stop ticking.