GDPR – The reward of climbing a mountain is the view at the top!
- 12 July 2018
Every year the Oxford English Dictionary officially recognises new words and abbreviations to add to our great lexicon, such as ‘selfie’, ‘Brexit’, ‘OMG’ or ‘LOL’.
This year, surely the prize for most ubiquitous abbreviation goes to GDPR, whose quiet and inconspicuous arrival through the letterbox at 3GHR Towers last autumn has evolved into a long-term residency with a baggage capacity akin to Mary Poppins’s carpet bag.
As most of us are by now well aware, GDPR (General Data Protection Regulation) came into force at the end of May and has made an enormous difference to the way businesses – large and small alike – handle sensitive data. The concept of ‘privacy by design’ means that safeguarding Personally Identifiable Information (PII) must now be a primary consideration for all those that process it; the default is to not hold the data at all unless you can provide a justifiable business reason for doing so, rather than keeping it until you’re asked to stop. Obviously, the legislation was necessary and appropriate but also a bit fiddly and potentially time-consuming, like getting an octopus into a string bag.
As every good mountain climber knows, to start with a map
I will be the first to admit that, following a lengthy and terrifying series of seminars on the topic last winter – during which the full extent and reach of this legislation became clear – I was overwhelmed by the scope of it. It seemed like project Everest towering in front of me with no easy, flat path around which to drive my metaphorical golf buggy. I was going to need crampons, a LOT of protein bars and, as every good mountain climber knows, to start with a map.
For someone in Operations, building a process map is both satisfying and terrifying in equal measure; a pleasing infographic of the greased clockwork that is your organisation, hopefully with no glaring gaps, double cogs or extra bits that nobody can explain away. For 3GHR it turned out to be a very valuable exercise, as we learned a huge amount about how our working practices have evolved over time and how we may want to revise them in order to make them scalable for the future. Despite an initial deep resentment of what I perceived to be a ‘forced’ process, becoming GDPR compliant has provided us with an opportunity to kick-start a wider conversation about how efficient, effective and productive we are as a team. The overriding question we kept in mind throughout was ‘what is our justifiable business reason for holding this data?’. If we are challenged by a delegate, client or associate – or audited by the Information Commissioner’s Office – how would we explain it? The ICO’s website has a lot of useful information and breaks the legislation down into its core principles, which is a useful starting point for many businesses. We registered with them, demonstrating a commitment to data protection which many of our clients demanded as a minimum requirement.
We are able to proudly display our Cyber Essentials certification
Hand in hand with the design and theory of a process map go the cogs and gears of technical compliance. 3GHR underwent – with the expert help of our IT support consultants – a Cyber Essentials assessment, which requires your business to have all the relevant technical safeguards in place to prevent a data breach. After a nail-biting wait, our certificate was finally confirmed on the day the GDPR legislation came into force, proving my long-held suspicion that IT experts have no panic button. We are able to proudly display our Cyber Essentials certification on our website and it goes a long way towards reassuring our clients and partners of our integrity and commitment to keeping their data secure.
It’s a great view from the top
We’ve now responded to data protection questionnaires or policy updates from the majority of our clients and it’s great to see that some of the world’s largest organisations are taking their responsibilities so seriously. We also know that they will have taken a similar journey to their mountain summit – there’s a particular look that seasoned GDPR Wranglers share – and knowing that we have grown our business on the right foundations means that it’s a great view from the top.