One month on from the scramble for businesses to be ready for the implementation of GDPR on May 25th, there’s still a lot of activity happening.
Fortunately, our email inboxes are no longer filled up with desperate requests from organisations wanting to never lose touch with us. We’ve managed to dramatically reduce the number of unread emails we are getting, which is one of the most positive outcomes of GDPR!
Whilst the focus has been very much on large firms, there are serious ongoing implications for small and medium-sized businesses. Many are “still struggling to get everything done. They’re being tactical, looking at the priorities, for example, making sure public-facing policies are rolled out, breach-management procedures are sorted out,” says Luther Teng, risk advisory senior manager at accountants EY.
One of the most important points to emerge over the past month is that GDPR compliance is about a lot more than just making sure everything was ready for May 25th. It is an ongoing process, requiring constant review and amendments. As practices and technologies change, businesses will need to ensure they continue to act within the law.
Whilst some companies still need to act to ensure they are within the law, there are concerns that other businesses will adopt a risk-averse approach and over-compensate. Data breaches need to be reported to the Information Commissioner’s Office, and there are concerns that events will be reported which don’t need to be.
Many businesses are seeing the introduction of GDPR in a positive light, viewing the changes as an opportunity for their brand to inform customers about what they do with information, to become much more transparent, and to build meaningful communication with customers. By building trust and integrity, companies can derive substantial benefits in the long run.