GDPR is not just about DATA . . . it’s about PEOPLE and REPUTATION

Behind every bit of data is an individual, me, you or somebody else.

So if you are tired of reading articles that talk about GDPR as the new onerous regulation, or as a burden that will be the downfall of your organisation because you will suffer HUGE fines if you don’t comply, then this is the one for you.

GDPR is about people: your customers, your prospects, your suppliers and your employees. It’s about data: your data, my data, their data. And it’s about how we communicate our privacy practices and interact around them; it is this that helps to build the reputation of the brand and the organisation.

GDPR is the biggest shake-up to data protection in over 20 years and in my opinion it is well overdue. We now live in an age where we are all happy to give out our personal data when asked, without question. GDPR will cover both the private and public sector; it is helping us safeguard data in the digital age.

GDPR is an opportunity

Yes, really it is – it is an opportunity to build and strengthen trust between you and your customers, employees and suppliers. GDPR brings in ACCOUNTABILITY and TRANSPARENCY; it is about being honest about why and how you process data, and it is putting privacy at the top of the agenda: ‘treating the data of others the way you would want your own data to be treated’.

GDPR is about embedding a privacy culture within your organisation and training your team, but how do you do this?

The first step to compliance is to carry out a GAP Analysis. This will give you an overview of where you are now: an assessment of your organisation’s current level of compliance with GDPR. It will highlight the gaps and help you identify and prioritise the key areas that you must address prior to May 2018, thus using your resources in the best possible way.

Conduct a DATA AUDIT. Know the data that you have. How did you obtain it? What do you use it for? What are the retention periods? Consent – is your data fully consented? Can you really say that each of the individuals on your database said ‘yes’? How are you obtaining consent?

Let us think about your legal basis for processing – are you using ‘CONSENT’? If so, you need to be able to show how that consent was obtained – was it clear and unambiguous? Do you process ‘sensitive data’? Then this consent must be explicit.

Did you know that as the DATA CONTROLLER you have new responsibilities under GDPR? The burden of proof is now upon the controller to show why the data is being processed. And of course there is the DATA PROCESSOR: as the data controller you must ensure that the processor you use is compliant with GDPR.

Do you work with 3rd parties? This could be a marketing agency, a call centre or a data cleansing agency. As the DATA CONTROLLER you need to check those contracts and carry out due diligence on your 3rd party contractors. Remember, as the controller, it’s your data – your responsibility.

If you don’t already – take time to get to know the seven data protection principles of GDPR.

GDPR says that all of your policies and procedures must be written using clear and easy to understand language – i.e. you shouldn’t need a dictionary for obscure language or a degree in law to understand your rights! With this in mind – do you need to rewrite your policies and notices?

Data Breach – OK, so the worst has happened, your entire database has been hacked – if you know your data, you will know instantly how serious this is. Ensure you have a clear procedure in place to deal with it – a procedure THAT EVERYONE KNOWS ABOUT, with everyone clear and KNOWLEDGEABLE ABOUT WHAT THEY HAVE TO DO! You have fire drills – have a data breach drill! Know what to do: you have only 72 hours from when the breach is found to notify the regulator and, if needs be, the individuals whose data is involved.

But where is all this leading? Well, it leads straight to your REPUTATION.

No matter how large or small an organisation you are, you can rise or fall on your reputation. A good reputation is valuable; it can win you customers. GDPR encourages you to be open and honest.

GDPR can help build brand value

‘ . . in a crowded market place, trust is a strong differentiator’

An organisation that can define the customer experience and find engaging ways to talk to customers about their data will build trust in its brand. Trust can equal increased rates of customer retention and acquisition, which results in increased revenue and growth. A company that is uncaring about its customers’ data will be seen as untrustworthy by today’s savvy consumer; this could cause catastrophic damage to your reputation.

GDPR can Add Business Value

Use GDPR as an opportunity to spring clean your data management systems and processes. GDPR requires a review of your end-to-end data processing, giving the business the opportunity to ensure that all processes are aligned with GDPR. It enables you as a business to ensure that, for the individual, access to and control of their data is simple and easy. Streamlining your business processes should improve efficiency and possibly offer savings for the business.

Building and maintaining a privacy culture needs to come from the top. The SLT (senior leadership team) need to be involved from day one. There needs to be constant monitoring of policies and procedures, a well-defined staff training programme, and a communication structure that constantly reminds and updates staff in matters of privacy.

Nearly there . . .

Do you know where your data travels to? You need to know. Trace your data journey and ensure that any cross-border transfers are within the list of approved countries with adequate data protection laws.

Proof: you need to be able to prove that you are doing everything you can to be GDPR compliant, so make sure you have an audit trail. Log all training and all changes to policies, notices and procedures, and if anyone comes knocking you can show them.


Don’t panic. GDPR is not something to be scared of. See it as an opportunity to spring clean your organisation and showcase it in the very best light; use it to build trust and enhance your reputation. Take it as a great opportunity.


Any help you need with GDPR is simply a call away.


PrivacyTrust provide privacy solutions to organisations around the globe.