We are now within a year of GDPR coming into force in the UK and I have spent the last few months wondering what people are actually doing about it right now. My inbox is on fire with press releases on the subject and I have even had a few who are offering ‘GDPR compliant’ solutions to customers. Despite this, I suspect much of the Channel hasn’t done much to address it yet.
I met with IT infrastructure reseller, Justin Harling from CAE Technology, last week to talk about his plans around the new directive. He has already had some consultants in to talk about his own business first, he’s then going to be looking at using this third party to get his customers up to speed.
He joked as he handed me his business card, suggesting I keep it somewhere safe so the GDPR police don’t find out! Although amusing, he makes a good point. Business cards have contact details on them, what is the protocol for keeping that data safe under GDPR? Also, what kind of fine would that get me?
Much of this is unknown, some unlucky company will get dragged over the coals after May next year and at this point a precedent will be set.
It’s important for partners to sort this out sharpish, you don’t want to be one of those first few companies that get made an example of. Also, this isn’t just a technology problem. Data protection solutions have been around for a long time and the question is how they fit into this directive.
Time to call in the lawyers.
Harling said he’s using this third party specifically for their law experience, which also comes with indemnity insurance which could be crucial in case of a non-compliance claim. His T’s & C’s are getting a revamp too.
In essence, he told me he’s glad he has started the journey now. Although a year away, there is still plenty to do on the technical side as well as instilling a new cultural mentality in his staff.
The overwhelming message, start now!
Date Line: 30 May 2017