Was I Right to Delay Becoming GDPR Compliant?

Business Strategy InformationA year ago I wrote 3 blogs on what businesses needed to do in order to be GDPR compliant in time for May 25th 2018.

At the time much was about definitions as the requirements of the Regulation were being worked upon.

Now there are answers for most (but not all) areas so time for a re-visit to see whether holding off was a good idea.

Positive Outcomes of Delay

The first positive outcome of my review last year was that it caused me to focus on the personal data I was using in my business and how I was using it. As a marketer that focus is about the quality of the individual relationships and progression through a marketing funnel. The by-product of this focus was that I got more and better business, which meant I put off reviewing GDPR as I was busy. Whoops!

Since I last looked at the Information Commissioner Office’s website, they have uploaded some very useful checklists . When I say useful I also mean scary. GDPR fundamentally affects how anyone is doing marketing in Europe. All businesses need to rethink how they can effectively and legally use:

  • Their prospecting system
  • The customer relationship management systems they use.
  • Their market research profiling tools.

The checklists are great tools to understand your progress to compliance with handy information pop-outs and a rating of where you currently are. You will probably find that you need to work through more than one checklist. They may eventually numb your mind as you realise what is still left to do to be GDPR compliant.

Negative Outcomes of GDPR Delay Till May

GDPR is complex and in places can be logically contradictory. For example the best way for a computer to prevent re-entering a deleted record is to keep a record!

While parts of it have become more concrete, with a month to go some areas are still under construction. Anyone needing to have a processor contract in place needs to create it themselves, as there are no best practice examples or a list of areas that must be covered.

Waiting so long has made this another task that is urgent and important. And for my business there appear to be 10 policies to write, 7 processes to  map and execute, 5 pieces of legalese to drafted or people to trained and a fee to pay. Still a month to go, so plenty of time!

So Was I Right?

So the doomsayers who say we are all going to die when GDPR goes live might be correct. But in my case only probably from the effort of getting there by leaving it so late.

And the reason to do it, is not the fine. But because fundamentally GDPR is about sound real relationships that enable your business to prosper in the information technology age. So start now to be GDPR compliant as soon as you can.