It’s finally here so, if nothing else, the volume of privacy policies arriving by email is hopefully about to drop off.
Small business owners should take some comfort from the words of the UK’s information commissioner, Elizabeth Denham, who was interviewed on BBC Radio 4. “Today is not a deadline. What we’re looking for is commitment to move forward with the new obligations. We are not looking for perfection. It’s nonsense to think the regulator is going to be making early examples of small businesses by levying large fines,” and added, “We are going to be focused on businesses that deliberately, persistently or negligently misuse data.” The latter remains, I believe, the drive behind the arrival of GDPR in the first place.
All being well you will have made the time to document your own in-house policies and shared the appropriate information externally where necessary.
If you are part way through the process, don’t panic but DO persevere and get the paper trail sorted.
If you haven’t made any in-roads into your GDPR preparation, panic isn’t going to help but make that start and see it through. The GDPR requirement doesn’t go away just because your office was still standing as the calendar rolled over from Friday 25th to Saturday 26th May 2018.
I do feel that there have been shades of Y2K with some organisations seemingly cashing in on the fear of GDPR. I have seen “Complete GDPR Documentation” packages advertised for sale which appear to regurgitate the information already available for free and direct from the ICO which is available to everyone (start here).
We can’t write your policies for you as each company’s requirements will be different but we can help you with the all-important IT elements such as ensuring your portable devices are secure, the means of remote access to the network are appropriate, the ability to recover lost data is available, etc. Do, by all means, still get in touch with your IT-related GDPR queries.