GDPR is coming… stop listening to wrong information!
GDPR is coming into force on 25 May 2018. Although a lot of people are aware of that, many of them aren’t sure what that means for them. I would guess that there are a lot of small businesses who are still unaware that they should be doing anything. GDPR stands for General Data Protection Regulation and applies to anyone who controls or processes personal data.
This post is not a ‘what you need to do to comply with GDPR’ post. That’s because I’m not qualified to advise you about it and to be honest, I’m not 100% certain that the steps I’m taking are exactly right because there is so much conflicting advice and it’s pretty complex stuff. And that’s precisely why I’m writing this post - to say be careful who you listen to.
It can’t be put off indefinitely!
I started getting emails about GDPR last autumn but of course when I saw reference to May 2018 I pressed delete - I had months to get this sorted, whatever it was exactly. It was only last week that I really got myself into action and started to get ready for GDPR. I knew that one of the things I needed to do was get fresh consent from people on my list - wow is that a way to whittle down your email list - I sent an email a few days ago to get the ball rolling and will repeat the process a few times before 25 May. Essentially though, if current subscribers don’t positively respond by the deadline they will have to be unsubscribed. And that’s a good thing really because if they’re not engaged and letting me know that they still want to hear from me, then there is no point in paying my email provider to have them on my list.
Anyway, I’m going off track. There are lots of GDPR discussions around on social media and lots of people providing well-meaning advice in Facebook groups and in blog posts. The trouble is, to be blunt, it’s like the blind leading the blind. And to coin another metaphor, “what you need to do to get ready for GDPR” becomes like Chinese whispers.
He (or She) who shouts the loudest...
So basically, don’t take it as read when someone in a Facebook group states what you must do. Unless they’re an expert of course. Some people can be pretty forceful with their views and if they sound like they know what they’re talking about, it’s easy to believe them. Or you read several conflicting views and find yourself feeling pretty stressed because you’re none the wiser and really much more confused than when you started! That’s what happened to me (and I have a legal background!).
Finding a source you can trust
GDPR is not straightforward but there is no need to panic about it. In fact I’m sure there are a good few people who will do absolutely nothing to comply at all, and that’s their decision. But it will be law from 25 May 2018, so many of us will want to do what we should be doing to comply.
A good starting place is the Information Commissioner’s Office website - www.ico.org.uk - which has a whole section on GDPR. It is very comprehensive. The ICO is the UK’s independent authority set up to promote data privacy for individuals.
For help on interpreting GDPR and understanding better what you need to do, I would recommend joining Suzanne Dibble’s Facebook group - GDPR for Online Entrepreneurs. Suzanne is a data protection lawyer so really does know what she’s talking about. There are daily videos in the group and I would recommend you watch these rather than read too many of the comments in the group, unless they are Suzanne’s comments!
There is a free GDPR compliance checklist which you can download too. I also bought her GDPR compliance pack which contains templates for all of the documents and wording that you will need - and you will need some if you’re intending on complying with GDPR! You can find that pack here: GDPR Compliance Pack. Although there was a cost, I took the decision that it was worth it to be confident that I was doing the right thing and getting everything in place properly. Please note these are affiliate links but I am only recommending Suzanne’s materials because I am using them myself and finally feel a little more in control - as far as GDPR is concerned anyway!
So those are my views on this topic. I’ve been meaning to write this post for a few days because I keep seeing long threads on Facebook which are full of mild panic and inaccuracies. What one business is doing is not necessarily right for your business so concentrate on you, not what everybody else is doing!