GDPR - anyone working in this area?
Discussion
GDPR, for anyone who doesn’t know, is the data protection act with extra bells and whistles plus more severe penalties. Due to come into force in May 2018.
A couple of my small business customers have mentioned that they have been contacted by some of their software suppliers offering GDPR compliant upgrades for quite a hefty increase in price. There seems more than a vague whiff of scaremongering and profiteering so I just wondered if anyone here has expertise in this area or perhaps working on a GDPR project? I’ve read a couple of online docs which are tedious to say the least, so I’m just trying to get a handle on how much of an impact this is likely to have for a very small business with UK customers?
It's a slight upgrade from the old rules AFAIK, I agree about the scaremongering.
Webinar about it next week
https://www.brighttalk.com/webcast/5691/263501
Eric Mc said:
Guess what - today I had such a phone call as well. Every time the government announces new legislation, the parasites move in seeking to make money from the "training" and "extra qualifications" needed.
It's easy and lucrative for the providers, they are so eager to jump on the next Prince2. It's a doddle to knock up a training course and exam, or the automated version and create a learning course and online exam.
Usually much easier for the providers as they train to pass the exam, taking little account of knowledge retention, learning styles, change of behaviour etc.
I just find it a bit parasitic. No assertion on what Tinrobot is doing, but some of the tactics used by certain commercial operations to try to make money out of increasing government red tape are just plain unethical.
I've been involved in my business over 40 years and this has been going on for years. I've even seen companies set up SPECIFICALLY to train people in a new set of regulations only for the government to withdraw the legislation or cancel it before it was even implemented.
I know people who have lost quite a bit of money because of this - often money they could ill afford to lose.
My attitude is to sit tight and wait and see where the legislation is going before committing myself to training courses or new products, filing systems etc that might need to be introduced to implement new regs.
At the moment, I am being pestered to spend money on Making Tax Digital software and courses - even though the legislation was actually dropped from the most recent budget and we aren't even sure how and if it will be re-introduced. I could have spent thousands so far which might end up being wasted.
I work in MA, and GDPR will affect a lot of clients. Naturally, we are working with them to try and make sure that they can keep their mailable database as large as possible. This won't particularly affect B2C that much, but some of the opt in rules will mean big changes to how people market. I personally think it is a good thing. It will also ruin people buying data, as their data most likely won't be opted in to receive third party comms. Interesting, but will definitely pose some threats.
Is it true that ICO registration will cease to exist?
Our company structure is complicated - mostly self employed agents spread across Europe, dealing with businesses. We don't mass-market to people etc and only use data internally. We took the view that we didn't need to register with the ICO (and neither have other similar companies to ours) but GDPR looks like it'll have more impact.
Eric Mc said:
I just find it a bit parasitic. No assertion on what Tinrobot is doing, but some of the tactics used by certain commercial operations to try to make money out of increasing government red tape are just plain unethical.
I've been involved in my business over 40 years and this has been going on for years. I've even seen companies set up SPECIFICALLY to train people in a new set of regulations only for the government to withdraw the legislation or cancel it before it was even implemented.
I know people who have lost quite a bit of money because of this - often money they could ill afford to lose.
My attitude is to sit tight and wait and see where the legislation is going before committing myself to training courses or new products, filing systems etc that might need to be introduced to implement new regs.
At the moment, I am being pestered to spend money on Making Tax Digital software and courses - even though the legislation was actually dropped from the most recent budget and we aren't even sure how and if it will be re-introduced. I could have spent thousands so far which might end up being wasted.
I'd never heard of Making Tax Digital until you alluded to it on a previous thread. Has it been parked for now then?
I'm working in this area, it's chock full of "experts" from consultancies (with no legal data protection background!) using scare tactics to run huge programs of work. The potential fines for non-compliance are making it an easy target. There is more than a whiff of Y2K about it.
Yes, there are some changes but the underlying principles are largely in force within existing legislation. Most larger organisations already have processes in place that will allow them to fulfil the additional data subject obligations with relatively simple changes to disclaimers, policy and procedure.
The spirit of this legislation is firmly around protecting end-consumers from the unauthorised use of their personal data - which has been largely driven by having EU nationals' data held outside of the EU in somewhat less controlled regulatory environments. It's obviously got bloated in the process that's turned it into what it is today, but I don't believe it's the monster it's being made out to be by many of the consultancies. All IMHO of course.
Sheepshanks said:
Is it true that ICO registration will cease to exist?
DELETED: Comment made by a member whose account has been deleted.
Sheepshanks said:
Our company structure is complicated - mostly self employed agents spread across Europe, dealing with businesses. We don't mass-market to people etc and only use data internally. We took the view that we didn't need to register with the ICO (and neither have other similar companies to ours) but GDPR looks like it'll have more impact.
DELETED: Comment made by a member whose account has been deleted.
Edited by Sheepshanks on Thursday 15th June 09:58
JakeT said:
I work in MA, and GDPR will affect a lot of clients. Naturally, we are working with them to try and make sure that they can keep their mailable database as large as possible. This won't particularly affect B2C that much, but some of the opt in rules will mean big changes to how people market. I personally think it is a good thing. It will also ruin people buying data, as their data most likely won't be opted in to receive third party comms. Interesting, but will definitely pose some threats.
DELETED: Comment made by a member whose account has been deleted.
Thanks for the replies. I understand and agree with the general spirit of the legislation, but it's too much for the average small business to digest in my opinion. There's a lot of waffle and legalese and once that happens the guys in the shiny suits spot an opportunity!
For large organisations that for example have off-shored or outsourced their HR and IT departments then I suspect they'll have a fair bit of work to do - but that's OK because they generally have the in-house resources, budget and expertise to cope. Small businesses are very different and I can't help feel that there should be an exemption or simplified version for businesses under a certain size. Then of course there's the question of whether Brexit will have any effect on all this - this is EU legislation after all. We're told it won't, but how can anyone know for sure?
Bikerjon said:
Thanks for the replies. I understand and agree with the general spirit of the legislation, but it's too much for the average small business to digest in my opinion.
One of the (many) things that confuse me is there are frequent mentions of it not applying to firms under 250 employees...but then the articles say "unless....etc"
Nobody knows anything for sure - but one thing which is pretty much certain is that legislation in force in the UK that is at heart, based on EU directives, will not be repealed for many, many years, if ever.
At best, what will happen is that over the decades new UK only legislation (assuming the UK itself still exists) will gradually update or replace EU rules and as a result the regulations between the UK and the EU will diverge over time.
The Republic of Ireland broke from the UK in 1921. Even today, 96 years after the event, there are laws on the statute book of Ireland that are based on legislation passed when Ireland was still part of the UK.
And for decades afterwards, new legislation passed in Ireland was often closely based on legislation that had been passed in the UK AFTER Ireland had broken away.
The old Irish 1963 Companies Act was almost word for word a copy of the English 1948 Companies Act.
krisdelta said:
I'm working in this area, it's chock full of "experts" from consultancies (with no legal data protection background!) using scare tactics to run huge programs of work. The potential fines for non-compliance are making it an easy target. There is more than a whiff of Y2K about it....
DELETED: Comment made by a member whose account has been deleted.
A good read of it can educate, but I think the devil is in the interpretation vs the business in question and taking a pragmatic risk based approach that protects and demonstrates the protection of data subjects. I am also not a legal bod.
I'm not saying "just ignore it as it's too complicated" as I agree in principle at what it's trying to achieve. Working closely with small business I know that many just do not have the time or resources to meticulously go through every facet of red tape that gets thrown at them - they simply wouldn't earn any money if they did! It reminds me a bit of PCI compliance when that came in.
I'm sure this will be a job creation scheme for some, but a headache for many more!