GDPR - anyone working in this area?


Bikerjon

Original Poster:

2,202 posts

161 months

Wednesday 14th June 2017
GDPR, for anyone who doesn’t know, is the data protection act with extra bells and whistles plus more severe penalties. Due to come into force in May 2018.

A couple of my small business customers have mentioned that they have been contacted by some of their software suppliers offering GDPR compliant upgrades for quite a hefty increase in price. There seems more than a vague whiff of scaremongering and profiteering so I just wondered if anyone here has expertise in this area or perhaps working on a GDPR project? I’ve read a couple of online docs which are tedious to say the least, so I’m just trying to get a handle on how much of an impact this is likely to have for a very small business with UK customers?


Bikerjon

Thursday 15th June 2017
Thanks for the replies. I understand and agree with the general spirit of the legislation, but it's too much for the average small business to digest in my opinion. There's a lot of waffle and legalese and once that happens the guys in the shiny suits spot an opportunity!

For large organisations that for example have off-shored or outsourced their HR and IT departments then I suspect they'll have a fair bit of work to do - but that's OK because they generally have the in-house resources, budget and expertise to cope. Small businesses are very different and I can't help feeling that there should be an exemption or simplified version for businesses under a certain size. Then of course there's the question of whether Brexit will have any effect on all this - this is EU legislation after all. We're told it won't, but how can anyone know for sure?

Bikerjon

Thursday 15th June 2017
anonymous said:
[redacted]
Indeed, but a small business might only hold data on a few hundred customers. A large business might hold a few hundred thousand or even millions. All other factors being equal, I don't see how the damage would be the same.

Bikerjon

Thursday 15th June 2017
I'm not saying "just ignore it as it's too complicated" as I agree in principle with what it's trying to achieve. Working closely with small business I know that many just do not have the time or resources to meticulously go through every facet of red tape that gets thrown at them - they simply wouldn't earn any money if they did! It reminds me a bit of PCI compliance when that came in.

I'm sure this will be a job creation scheme for some, but a headache for many more!

Bikerjon

Thursday 15th June 2017
DELETED: Comment made by a member whose account has been deleted.
What guarantees could you provide?

Bikerjon

Thursday 15th June 2017
TinRobot, appreciate your contributions but honestly if you couldn't provide any compliance guarantees then the kind of customers I deal with would never go for it. They're not looking for someone to take them on a GDPR journey, they just want someone to look them in the eye and say they'll sort it so that they can move on to dealing with the next issue of the day. The (very) small business sector is a little brutal like that!

I suspect a medium size business or the larger (but still small) businesses would be more accommodating and would have sufficient complexity to require ongoing external help.

Bikerjon

Thursday 15th June 2017
Many small businesses don't have an "IT company" at all, they simply can't afford it - let alone a GDPR consultant!

Bikerjon

Thursday 15th June 2017
We've discussed small businesses, but what about an individual sole trader working from home? Do the same rules apply or are there any notable concessions in that situation?

Bikerjon

Thursday 15th June 2017
DELETED: Comment made by a member whose account has been deleted.
Good, thanks. Gut feeling says I'd need to do very little if anything at all, but I won't know for sure until I set aside some time to dig a bit deeper into this.

Bikerjon

Thursday 26th October 2017
Eric Mc said:
I'm just wondering what great benefit this set of regulations will bring.
I'm sure you're not the only one! I'm all for protecting genuinely sensitive information, but when half the nation seems to "share" their life on social media for anyone to see, it seems a bit hypocritical for businesses to tie themselves in knots protecting what in many instances will be relatively trivial data.

Bikerjon

Friday 27th October 2017
anonymous said:
[redacted]
Good example, although I have to say I rely on DPD a lot and have found them by far the best! 1 text and 1 email with an hour time-slot is a very welcome form of communication for me - bizarre you get 3.

Can't help feeling this is just part of modern life though. I know some people get very uptight about this, but I just wonder in the scheme of things if it really is that big a deal? By all means protect medical, financial, legal data etc with the appropriate legislation, but I really couldn't care less if a courier company retains my name and address for a bit longer than it should.


Bikerjon

Monday 8th January 2018
As this thread continues to demonstrate, there are more than a few areas of GDPR that appear to be open to interpretation or where viewpoints will differ. Until such a day where this legislation is a bit more "solid" I wonder if anyone has looked into getting some form of insurance cover that protects against investigations and any subsequent fines that could arise? Does such insurance cover exist?

Bikerjon

Wednesday 14th March 2018
Just heard a GDPR radio advert warning of the deadline. I only caught the end of it, but the bit I heard seemed very much targeted at small business/self-employed trades!

Bikerjon

Thursday 19th April 2018
Could we keep the posts/replies on here rather than PMs? There's already a load of info in this one thread and it makes sense to keep things visible so others can get some benefit!

Bikerjon

Saturday 28th April 2018
I've certainly observed the GDPR statements/emails going into overdrive this last week in particular. I can't say I've actually seen anything that was written with Joe Bloggs the public in mind though - most of it is still tedious legalese that you would need a lawyer on hand to understand - either that or a lot of free time on your hands!

I wonder if there will be notable casualties of the new regulations come May 25th? Interesting to see how the ICANN/whois database situation plays out as that's one example where I'd prefer my data wasn't published.

Bikerjon

Wednesday 2nd May 2018
Now that my inbox is getting filled with tedious GDPR requests to opt-in, opt-out, view pages of boring policy etc I can't help feeling that this is going to damage email marketing beyond repair. Targeted emails must still be one of the most effective ways of generating sales, so anyone who's relying on this is surely going to take a hit - initially at least. Or will it all just carry on as before once the dust settles?

Bikerjon

Wednesday 2nd May 2018
bhstewie said:
If you're doing things right already (confirmed opt-in) you've probably already taken a hit.
The deluge of opt-ins/outs has only really started in the last few weeks though hasn't it? I imagine any business that relies on email marketing would be holding off sending the opt-in email until as late as possible because they must know that their once precious email list is going to shrink massively as soon as they send it. I wouldn't like to be in the email marketing business right now...

Bikerjon

Wednesday 16th May 2018
I don't think anyone actually knows! You can already see how much confusion this one aspect is already causing. My understanding is that if you are an existing customer/subscriber then "legitimate interest" should negate any need to opt-in for a second time - but who really knows for sure?

Bikerjon

Thursday 17th May 2018
Marcellus said:
or am I missing something?
I think you might be! Just look at the variations on how repeat email opt-in/out is currently being interpreted. If these regulations were so well put together, why do we have such a mess on this one aspect? A lot of these emails are coming from blue chip organisations who no doubt have had large GDPR project teams/committees in place for some time. If they can't get it right, what hope is there for the much smaller business who, dare I say it, have far more pressing issues to contend with?

Bikerjon

Monday 21st May 2018
DELETED: Comment made by a member whose account has been deleted.
Tin, given that nobody ever reads privacy policies beyond the first sentence, can you recommend any really simple and concise examples? With the right wording can it be done in one paragraph?