PrimeConduct - GDPR & DPO Services

GDPR or Scuba Diving in Maldives

GDPR – “I might as well give up and go scuba diving”.
Smaller business owners in particular find Government legislation rather like a deluge pouring over them with its weight and complexity. There are 2.67 million businesses in the UK, 40% of these are businesses have less than 100 employees. The effect of regulation is of course disproportionate for smaller businesses compared to larger ones as time and resources are limited. The impact is greater because spending time on dealing with regulation is time lost to managing a business and making profit.

When GDPR and the UK DPA 2018 finally arrived, it began to have an impact on these businesses and like many others, we saw the arms thrown up in despair about how to manage the new responsibilities. As is often the case, people turned to short cuts and fixes that they hoped would paper over the cracks in their defence against the dark arts of bureaucratic intervention, or that at least is how it has been seen.

The short cuts included template Privacy Policies, with no effort expended in adapting to the reality of the business, and buying bits of software that either restricted the business or turned out to be very expensive partial solutions. Don’t get me wrong there is of course valuable technology out there that will help most businesses but rather like a tape measure, the tool may help me measure the size of the task but not necessarily bang a nail into the wall.

Part of the challenge with Data Privacy legislation is how far reaching it is, and even if the day rate of professional practitioners or lawyers is reasonable or market competitive, there are still many days of effort to get a grip on compliance, so the total bill can become unaffordable. It is also the Catch 22 as without external help the small business has little time to apply to the task.

There is no accessible directory of affordable practitioners specialising in this space that businesses can call on to get advice and help them through the process.

Every business has to keep a set of financial accounts, what is coming in and going out. You can of course keep it all in a box until the end of the year and then spend some frantic time getting it together for your annual return or audit. However, that is to miss point and the obligation to manage your business. The numbers tell you month on month how you are doing and of course where you may need to act. Data Privacy management is the same, last year’s audit does not tell you how you are currently doing, a once off certificate does not mean you are still compliant.

One business owner we worked with was so overwhelmed by the regulation and the potential restrictions on their business practices that they exclaimed “I might as well give up and go scuba diving in the Maldives”. A rather nice idea, but we persuaded him we would solve his challenges and we did by helping this Director understand how they could be compliant and also add value to the business through this process.

This is in fact the most important aspect of Data Privacy regulation, which you can regard as an overhead with financial risk attached and view the whole subject negatively, or you can decide that the glass is half full and that real business value can be added through,

    All of this delivers opportunity for your exit plan and your conversations with a future investor or take over offer.

    Understanding the data you have, and how you can use it is far better than guessing what marketing plan you can execute effectively, or indeed where best to invest. For instance, knowing the geographic distribution of your customers could impact where you invest in infrastructure, people and supplies.

    So, don’t give up on your business that you have poured sweat and tears into and go scuba diving. Don’t assume that all legislation is just an overhead to please some bureaucrat somewhere, the GDPR is about your rights as much as anyone else, and the ongoing management of Data Privacy in your organisation can bring benefits to you, value to your business, and put your mind at ease. A quick review can determine whether you have all the pieces of the puzzle, or whether a few cracks have just been papered over. It is not just about compliance, it is also about growing your business on a sound footing.

    I’m off to do some DIY with my tape measure and a hammer 😃