Evolving Data Security and Privacy Policies for GDPR Compliance

Here we are, 6 months on from the May 25th deadline and what now for GDPR? If you are reading that sentence and thinking to yourself “GDPR? — that ship has sailed” then I urge you to read on.

GDPR is Still Important

GDPR sets restrictions on how personal data may be used. It demands that organisations communicate clearly and honestly with customers about the use of their personal data. GDPR also gives consumers the power to meaningfully control their data and seek redress when it is misused.

Notice how I use the present tense?

GDPR is here to stay; it is the new normal. That is a fact which, I fear, may have passed many businesses by, lost amongst the frenetic activity, eager anticipation and intense speculation surrounding its introduction. Now that the deadline has passed, privacy policies have been updated and staff awareness training has been delivered, it is easy to believe the job has been done. Right?

On the contrary, this is only the start. GDPR compliance isn’t a one-off destination, somewhere you reach, park up and get comfortable; it’s a continual journey. Let’s remind ourselves that the GDPR legislation only sets the requirements with which businesses must comply. It does not define the internal processes necessary to support this compliance. Nor does it help you identify how your current processes might change in the future and the impact of those changes on your compliance. Regardless of whether you had a little or a lot to do to be GDPR ready for May, what shape are you in for being GDPR compliant in 12 months, 2 years, or 5 years’ time?


So, 6 months on, now is the time to take stock of what has been achieved and to identify any planned work that is left to do. It is also the time to look inward and consider whether you are able to remain compliant in the future and through changes to your business. The new GDPR challenge for us all is maintenance.

Here are some useful tips which will help you ensure your approach to GDPR compliance remains fit for purpose over time.

Review and Re-evaluate

Just because you’re not a data processor today doesn’t mean you can’t be tomorrow. Taking the time to reassess is an important step which, if ignored, could leave you exposed. The same goes for all relevant policies and procedures. It would be a mistake to see these as set in stone; they should, in fact, change in line with your business, or else they become inaccurate and outdated. For all GDPR-related actions and materials, draw up a review schedule to ensure that the content, and your compliance, remain accurate and reliable.

Don’t Assume — Check

Go Beyond Simple Compliance

The intent of GDPR isn’t to make life complicated; it’s to make legislation fit for purpose in line with our evolving online-centric, technology-focused world, so our policies must evolve too.

The best way to achieve this is to see the bigger picture and embrace data security as a legitimate business priority. Ask yourself this: which usually has the better outcome, doing something because you have to, or doing something because you want to? I have already written in another blog about techniques for creating a positive culture towards data security, and they can all be applied here.

The original version of this article appeared on the FlexMR Insight Blog and can be accessed here.

We empower brands to inform every decision at the speed of business by delivering on-demand insight and enterprise grade research technology.
