Preparing for the new GDPR

You may already be aware that the General Data Protection Regulation – GDPR, which comes into force on 25 May 2018. You may also be wondering what that means for your organisation, your data, your candidates, your employees and your customers amongst other data considerations.

Elizabeth Denham was appointed UK Information Commissioner on 15 July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada, and shares some of her immediate concerns about what people may be hearing about the impact of the GDPR. You can read the full article here, read on though for her thoughts and at the end of the article a very useful 12 step guide to what you can do right now. 

The General Data Protection Regulation comes into force on 25 May 2018 That’s not new news. But it is a fact. It’s also fact that not everything you read or hear about the GDPR is true.

For the most part, writers, bloggers and expert speakers have their facts straight. And what they say – and sometimes challenge – helps organisations prepare for what’s ahead.

And there’s a lot to take in. The Data Protection Bill announced this week gives more detail of the reforms beyond the GDPR, for example.

But there’s also some misinformation out there too. And I’m worried that the misinformation is in danger of being considered truth.

“GDPR will stop dentists ringing patients to remind them about appointments” or “cleaners and gardeners will face massive fines that will put them out of business” or “all breaches must be reported under GDPR”. I’ve even read that big fines will help fund our work.

For the record, these are all wrong.

If this kind of misinformation goes unchecked, we risk losing sight of what this new law is about – greater transparency, enhanced rights for citizens and increased accountability.

So, I want to set the record straight. I want to bust the myths. Because I know that most organisations want to get the GDPR right when it comes into force in 289 days.

This is the first in a series of blogs to separate the fact from the fiction. We’ll be publishing future myth-busting blogs on consent, guidance, the burden on business and breach reporting.

Myth #1:

The biggest threat to organisations from the GDPR is massive fines.

Fact:

This law is not about fines. It’s about putting the consumer and citizen first. We can’t lose sight of that.

Focusing on big fines makes for great headlines, but thinking that GDPR is about crippling financial punishment misses the point.

And that concerns me.

It’s true we’ll have the power to impose fines much bigger than the £500,000 limit the DPA allows us. It’s also true that companies are fearful of the maximum £17 million or 4% of turnover allowed under the new law.

But it’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm.

The ICO’s commitment to guiding, advising and educating organisations about how to comply with the law will not change under the GDPR. We have always preferred the carrot to the stick. (And so say all of us at Engage & Prosper, entirely our philosophy too!)

For more information about what you can do to get ready; Download the ICO PDF of the 12 steps you can take now to be better prepared for when the regulation takes effect.

 

Like what you’ve read? Sign up to our employee engagement newsletter to hear more, fresh from the blog.

Engage & Prosper is a UK based privately owned Employee Engagement Consultancy and Social Enterprise, on a mission to help organisations develop a highly productive and fulfilling workplace culture, with their people, through enhanced employee engagement strategies, fabulous and effective internal communications platforms and tailored reward and recognition programmes.

For more information on Engage & Prosper or to discover how we can help you achieve your organisational and people goals please call +44 (0) 330 223 0464 or find out more at www.engageandprosper.com