Not another blog about EU GDPR fines
Seriously – it isn’t.
Today marks exactly one year to the introduction of EU GDPR, but for many IT staff with purchasing power it will be just another day of having the large fines waved in front of them. (If you’ve clicked on this blog out of curiosity, and don’t know what EU GDPR is then you can find some information here, before reading on.)
Sales and Marketing in technology across the UK have been talking about EU GDPR now for over a year. Indeed, to their mind it’s providing a great sales weapon – talking about huge fines and scary numbers might just create some purchasing power, right?
Unfortunately, the reality is that the more vendors and resellers scream about GDPR, the more the message becomes watered down and IT staff have to try to pick through the pieces to work out what it is they really need to be doing.
Tom Roche is in marketing for Cryoserver, an email archiving software provider, who have been educating their customers and partners on EU GDPR in a series of webinars over the last year.
What is actually going to change? For Good and for Bad
Well, the truth is that relatively little is going to change for the majority of people. Making sure you comply with laws and legislation is nothing new for the technology world. Our corporate customers dedicate departments and projects to compliance all the time – and as the way we use technology evolves, it makes sense that the rules around it should change too.
You will have more control over your own data
In fact, EU GDPR is being brought in to take care of exactly the people who are sick of hearing about it. For IT purchasers, one of the most heavily marketed-to groups in the private sector, there will be a new level of control over their data. The list of rights introduced by EU GDPR aims to bring a level of power back to the individual to control where their information is stored and how it is used. The Right to be Forgotten will mean that you can have your PII (Personally Identifiable Information) deleted by companies who are holding it, if you desire. That will include anything from line items in a database to emails that contain information which could be used to identify you.
You need to get all your ducks in a row
Of course, the legal risks which vendors are so keen to point out really are true, and if your infrastructure was struggling to match up to the DPA (Data Protection Act) then EU GDPR could pose some problems which you’ll need to address. The reality is that not a single vendor is equipped to make you totally compliant, and you’re going to have to address each part of your infrastructure independently. Not only that, but it’s going to need internal collaboration across multiple departments.
The IT Department will be supporting other departments
This is something most of the IT staff we’ve worked with are very used to. Sales and Marketing staff will have to lean on the IT infrastructure once again to ensure they are well supported in storing, collecting and producing data on customers and prospects. Not only that, but account managers and upper management will need to know that the information you hold on your customers is being stored safely and, yes, you guessed it, can be produced and, if necessary, destroyed.
So What?
So hopefully there’s been some useful information in the above. I’ve tried to remain impartial and focus on the facts. I’ve sat on a number of educational webinars with the MD of our company, something which I’d recommend you do too. There’s no expectation from joining these; they’re just a great way to get some insight into our corner of GDPR, and how we’ve chosen to tackle it.
There are 255 working days until the EU GDPR legislation comes into action. If you’re unlucky, that’s 255 working days of being hammered by aggressive marketing; if you’re in the know, then it’s 255 working days to build an infrastructure that handles data the way it should be handled.