There are still many businesses today that have done very little with regard to GDPR, and some that have done nothing. Many people still ask me: was GDPR a waste of time?
There are a few problems with this question. First, GDPR was never a one-off tick-box exercise but something that should be part of your business processes and on your leadership agenda every quarter at the very least.
But did anything actually happen?
Think that this is just for big business? Or does it actually apply to those ignoring the impact GDPR has on marketing? Think again.
The fines are starting to be issued by the ICO, and they are for companies of all sizes. The list is getting bigger each week and the fines are not small. I am not saying this to scare you at all; it is because I hear every day how GDPR won't affect them and they are not going to get fined, and maybe they won't, but is it really worth the risk?
Take a look through that list and you will see all kinds of companies being fined for all kinds of reasons. This is not just major breaches but marketing-related as well. Marketing without the proper respect for people's data is not going to be tolerated. Just calling everything legitimate interests is not going to be enough, and these fines prove it.
What can you do?
There is lots you can do, but first I would suggest an understanding that any efforts you have made so far were not in vain. Was GDPR a waste of time? No, it really was not, and if you need to, get back onto it and get your documentation into place sooner rather than later.
Remember that the ICO will take into consideration that you are a small business, but that does not excuse the fact that you will need to get the basic documentation in place to show that you have put in place the right measures to protect the data that you hold.
One of the things I see many companies fail with is staff training; this is a basic requirement if you have employees. Basic awareness training is required for all members of your team, and there are many ways you can do this, including online courses or getting someone in to do this all in one go, as I have often done for some of my clients.
GDPR is not going away.
It really is not going away. This is going to be a topic of conversation for quite a while yet as more and more companies pick up fines and people start to realise that this is actually something they need to do.
So please do not be one of those companies who get fined for simply not taking the time to document how they look after personal data. Yes, it takes time, but there is lots of help available, and if you need help then please do reach out to me, and if I can help then of course I will.
Here is the list so far, with all the fines as well: https://ico.org.uk/action-weve-taken/enforcement/