I’ve been talking about GDPR for quite a while now, but I haven’t really shared my story and how I ended up offering GDPR support services to other businesses when I was once terrified at the mere mention of it! I’m hoping that by sharing my story, I can reassure other business owners that it really isn’t that scary and give an insight into what you need to be doing and why.
August 2017
After talking about GDPR to my networking contacts, associates and clients I was somewhat bewildered and confused. So many people hadn’t heard about GDPR, even less understood what it was and the implications it could have on small business. There was a dire lack of information online as the actual law was still a work in progress.
I knew that I needed to take action about GDPR and inform myself of what it truly meant.
I found the KoffeeKlatch support group for Virtual Assistants and discovered the information and support that I was looking for. I started to watch the videos and read the posts, and I began to get a basic grasp on GDPR and the steps I would need to take within my own business to ensure that it would be compliant.
I started my data audit by listing all the systems I used for my work and that of my clients. I also started to review my processes – how was I obtaining personal data and why was I using it? Did I really need to be using it for my work?
I also made a start at looking at encryption for my laptop and other devices I use but I got a bit confused on how to go about this. I realised that I couldn’t encrypt my laptop because it was too old and I ended up getting a bit panicked about it all!
So I decided to stop, take a deep breath and continue looking at my processes, systems and data audit until I had more information.
January 2018
It was at this point that I decided to stop sending newsletters to my subscribers. This was partly due to consent and needing to re-opt in but also because I felt that a change in marketing focus would work better for my business.
You can find out more about re-opting your mailing list in my blog here with some top tips on making it as quick and easy as possible.
February 2018
The 25 May was getting ever closer, and I was finding that so many business owners weren’t even aware of GDPR let alone preparing for it. That’s why I decided to offer GDPR and data auditing as a service. I’d completed my own data audit by this stage and had a clear understanding of what to look out for and how to document everything accurately.
From here things snowballed somewhat as news got out about my GDPR service and people started flocking to me for help! It’s always good to get new customers and be able to help, but I had no idea when I started Banks’ Business Solutions that data protection services would be something I’d end up offering!
May 2018
Am I ready for GDPR? No, not yet.
I’d got a new laptop that I could encrypt and would be safe when travelling abroad during the summer with my family. I hadn’t moved all of the data onto the new systems and I didn’t have a compliant cookie policy in place as the guidance hadn’t been finalised yet by the ICO.
I wasn’t stressed though.
The ICO specifically stated that they will be working in an advisory capacity for the first year to help business owners become compliant, no one was expecting every business to be perfect by the 25 May. I knew that I had done all that I could and that I could update and change things to become fully compliant as more information became available.
Regularly reviewing policies, procedures and systems is the key to being GDPR compliant
Roll on to today and my cookies policy is in place, my data has been transferred to my laptop, and I’m as compliant as I can be at this moment in time. I know that things are likely to change over the next 12 months and that there’s also an update to the Privacy and Electronic Communications regulations coming up that will work in hand with GDPR and may need me to tweak things some more.
I am confident that if ICO should come knocking on my door that I can provide evidence that I have made every effort to be compliant and put the appropriate safeguards and protection in place for the personal data I hold within my business.
If you’re still unsure about GDPR, what you should be doing for your business and feeling a bit stuck like I was last year, get in touch with me today to find out how I can help you feel confident and closer to being compliant.