Facebook - Shropshire Business Twitter - Shropshire Business LinkedIn - Shropshire Business
http://www.pure-telecom.co.uk http://www.barclays.co.uk

GDPR - what does it mean for businesses?

We’re turning the spotlight on the issue of data protection in our next magazine, and examining what the new GDPR regulations mean for local companies.

Here’s a taste of what’s in store, from Neil Hambley, a Shrewsbury based data consultant with over 20 years’ experience working across businesses from start ups and SMEs through to high profile brands such as Halfords, Land Rover, Time Warner and Capita.

Neil is currently helping businesses prepare for the GDPR ahead of May 25th and is running a series workshops with Shropshire and the Marches Growth Hub.


Embracing the GDPR – Structuring an approach

Although new directives were unveiled in 2016 the GDPR is still a shock to businesses in 2018.

Last year KPMG reported that most businesses ‘have no idea what to do about the GDPR and don’t want to grasp the nettle’. Brexit offered a potential get out clause and convenient excuse to turn a blind eye, but 12 months on the GDPR is here, and set to impact on businesses from May 25th.

Grasping the nettle is now vital! Wading through 200 pages of legislation is not everyone’s cup of tea but deconstructing the regulations can bring clarity and a structured approach for crucial changes come May.


 1 – Self evaluate

The GDPR requires organisations to look at themselves and the way they handle data. It places demands on how data is collected, processed, by whom and for what reason.

The ICO recommends Data Protection Impact Assessments; business audits establishing concerns, priorities and a road map for change. Self-assessment is a logical starting point.

2 – Awareness

The GDPR is as much a business ethos as a set of regulations. Organisations need to develop a long-term, ‘data culture’ from the boardroom down. Not just structures and processes, but training and education at all levels.

3 –Roles and responsibilities

Defining roles and responsibilities helps establish awareness. From, ‘Data Protection Officers’ at the helm, ‘Controllers’ with strategic and managerial responsibilities through to ‘Processors’ working with data. The GDPR clearly outlines responsibilities.

4 – Contact rights

A thorny issue! Organisations must define their right to contact individuals (even existing customers), most likely through ‘consent’ or ‘legitimate rights’. DPIAs will help clarify this but expert advice might help. A small cost now could mean huge saving in the future.

Opt-ins and privacy statements also need be reviewed and updated. Guidelines are generally well defined and explained by the ICO.

5 - Data management

Imagine dealing with Search Access Requests, informing customers of every detail stored about them and erasing them within a month – a GDPR requirement.

Think about managing data efficiently and structuring data processing. Allocate resources and responsibilities.

6 – Remember the data!

The GDPR demands that individuals be treated as individuals and it’s easy to forget that how businesses manage data is as important as the data they manage.

Every day 1,600 people die, 18,000 move house and 240 businesses move premises. The average business estimates that 22% of its contact data is inaccurate resulting in a 12% loss of yearly revenue.

Maintaining clean records, removing duplicates, and unnecessary data isn’t just a requirement but a huge benefit, saving money and increasing efficiency. It also helps businesses maintain a clearer view of customers, build trust and remain close to customers that want to be customers. Quality data should be a considerable business asset.

Responding to the GDPR was never going to be easy, but a structured approach now could solve a lot of problems come May. There is still time.



Cyber experts in date warning

Shortening the 2020 date has consequences

20th January 2020

Telecoms company warns of cyber risks

Experts urge people to keep personal and business information separate

2nd November 2018

Praise for security of cyber systems

Law firm is accredited for good practice

18th January 2019

Business success takes drive and ambition

Consultant puts his racetrack experience to good use

24th September 2018

IT firm backs cyber security initiative

Government pilot scheme offers funding opportunities

20th August 2018

Home working creates even greater cyber risks

One in three UK businesses likely to be attacked

4th April 2020

Cyber crime and modern slavery on the agenda

Partnership approach delivers advice for small businesses

5th November 2019

Get ready for GDPR, lawyer urges businesses

Employment specialist hosts legal protection workshops

16th May 2018

Employment law seminars in March

Topics to include implications of GDPR

19th February 2018

Law firm to help schools on GDPR

And accountant issues warning to businesses over the new regulations

23rd April 2018

Are networking events a data risk?

Telford lawyer sheds light on the matter

2nd May 2018

No one exempt from data rules

Clubs and societies warned they must comply with GDPR

28th March 2018

Data rules shake-up imminent

Companies face 'ticking time bomb', warns industry expert

22nd January 2018

Firm supplies anti-ram barriers

Rise in vehicle attacks brings need for new products

29th October 2018

Data rules - a hot topic

Presentation hosted by county solicitors

5th January 2018