As a consultant, you must have heard about the General Data Protection Regulation (GDPR).
Give me 10 minutes and we can help each other make sense of this development. Read on.
It is all about data, how it is collected and what you do with it.
What does it mean for your business and the companies that you work with?
The regulation comes into effect at the end of May 2018, and to be honest I have only just become aware of its significance. On the face of it, the GDPR legislation looks fearsome, and on some level it is.
While the sky will not fall in, some have said it has the feel of Y2K about it. However, GDPR is a different situation. The new regulation will change a lot that we take for granted, and it represents the start of some far-reaching changes in privacy and how we extract data in the digital world.
The change is about the law catching up with technology.
Let’s be realistic: the Data Protection Act was last reviewed in 1998, and that was pre-social media.
What we have at the moment is a total disregard for how personal data is collected, used and shared.
The changes set out by GDPR codify how and what personal data is collected, how it will be used, organised and destroyed. There is also the right to be forgotten. It is all about permission and the levels of agreement.
However, What About Consultants?
GDPR is going to change how we do business. As a marketing consultant, I handle a lot of data, and most of it is client data. How will this new law affect my business?
As a company, you will need to implement systems for the collection, handling and deletion of personal data. There is also a big security aspect: even losing your phone could be seen as a potential data breach. You will have to keep audit trails to show:
That you have permission to collect and use the personal data,
How you are using the data,
How it is securely stored and deleted,
What you do in the event of a breach.
A bigger issue for consultants is working with your client’s data or on their premises with their data, processing or using that data. Do they have permission? Are you breaking the law on their behalf? Your policies and systems will need to be compliant with your client’s policies.
It is all very confusing, and currently there is no certified standard or process to work towards. It is new legislation, there are no certified GDPR advisors, and until this stuff gets tested it will all be open to interpretation.
A Solution for Consultants
I am currently working with a GDPR specialist and realised that my research could help others with the same worries and concerns. The plan is to release some materials for consultants early in the new year. We will have to get this product tested with a QC before we are allowed to release it.
The aim is to provide support for consultants like you to stay on the right side of the GDPR fence.
With all of that in mind, I need to know the problems you face. I have created a simple survey and would appreciate your feedback. It is just 2 main questions. They are open text questions so you can say as much as you like.
If you could take 10 minutes to look at the survey below, it would be appreciated.