This is a question we are hearing more and more people ask. Is GDPR the latest bandwagon on which everyone’s jumping?
Our answer is yes and no. No, because Y2K, which was all about supposed IT glitches when the clock turned midnight to start the new millennium turned out to be either illusory or, where there were problems, they were generally inconsequential and either anticipated or reactively dealt with.
Whereas GDPR is really happening – a major ramp up of both data protection requirements and, we expect, of all our expectations.
UK Government research in 2018 indicated over 90% of us want more control over our data and over 80% believe it is just used for the commercial interests of the person holding it. Our identities are more and more electronic, complex and diffused across systems many of which we don’t even know about. Sound a bit Big Brother? Well it kind of is. Except it’s not the government wielding control – it’s the collective power of those organisations who hold our data that increasingly shapes our identities, our opportunities and our limitations.
Recent publicised data breaches such as those at Equifax, Uber and TalkTalk have demonstrated that the risk of loss of data is real and that it affects many of us – often profoundly. This isn’t some mythical bug. This is something tangible affecting millions of us in the UK and more across the world.
Where GDPR is like Y2K is that it does feel like the world and his wife are offering GDPR services. Multiple clients have raised with us where on earth this huge population of personal data experts materialised from.
People in glass-houses shouldn’t throw stones, but hand on heart, we at TCF can say that we have built our data protection offering on years of experience dealing with data leaks, breaches, customers complaining about the handling of their personal information, reviewing data policies of varying quality, reviewing Information Security arrangements, and directing IT and change programmes all of which have depended on the protection and effective use of personal data.
But we do recognise there has been a huge influx of alleged ‘experts’ into the market, (and, hats off to the compliance provider of a client who recently told them that GDPR isn’t their bag.)
That’s why it’s so important to choose your GDPR expert and your data protection support carefully. It’s important to remember that your treatment of staff, customer and others’ personal data isn’t just about complying with some requirements. This is about trust, operations, your business approach and practical processes which work as part of an effective business. So working with someone who understands operations, culture, change and processes will help you implement your compliance and integrate it with your business.
And is this worth getting right upfront? We asked an experienced CEO who has led a major business through change and customer remediation. As he put it, ‘think a professional is expensive? Try an amateur!’