With less than 10 days until the official implementation of the General Data Protection regulation (GDPR) CEO Today has set out to hear from its readers on how prepared they are, what’s left to do and what the overall mood is ahead of the May 25th.
What have you done to prepare?
Rowena Perrott, general manager at packaging manufacturer and supplier Boxtopia:
Email marketing has been an important focus for Boxtopia in light of GDPR. I’m sure that many people have already seen countless emails from lists they’re subscribed to with a subject line like, “THE LAW IS CHANGING,” as businesses do their best to retain subscribers. The problem is, a lot of people will just ignore these emails and drop off the lists.
We’ve decided to build our email marketing list afresh to stay in line with GDPR and also to ensure that everyone on it is engaged with our business. A new site design gave us the opportunity to make sure our email ‘opt in’ option is in line with the new regulations, and also gave us the chance to incorporate an email sign up option even if a visitor isn’t buying anything.
James Cryne, director of tax software company GoSimpleTax:
The GoSimple software team has invested a lot of time and effort in preparing for GDPR. Our measures have included an audit to double check that we know what personal data we collect and hold, and what we use it for, and adding tick boxes where needed to get consent and ensure we’re processing data on an appropriate lawful basis. All in all we’re feeling ready for GDPR - checking all the regulations and processes reassured us that we’re handling personal data well and have the correct procedures in place.
Lloyd Williams, founder of information management company Shredall:
We’ve done a lot to prepare for GDPR, including amending the contracts for all of the services we provide and our terms and conditions. We’ve also updated our website - which includes a handy GDPR countdown timer - and trained up our staff. The only thing we have left to do is send out the revised GDPR contracts/terms. The nature of our business means it’s imperative that we’re in the know when it comes to the regulations and are on hand to help our clients and prospects comply.
Do you still have anything left to do?
Charlotte Moore, PR specialist for food start-ups at Smoothie PR:
Since the start of 2018, I’ve been following lots of online threads in forums and groups about GDPR to try and find the version that was easiest to understand! I eventually found Elaine Rogers from The Smart VA and I signed up to a series of emails explaining each step in simple English, and she also supplied worksheets to help you audit and update your compliance. I’m in the process of doing all of that now, but haven’t yet sent the ‘please stay on my email list’ email out to my subscribers because I know they’re wading through so many at the moment.
Debbie Leafe, owner of mindfulness, yoga and coaching business Mindfit:
Before I founded Mindfit four years ago, I was an information governance manager for the NHS, so the importance of records management and data protection is not new to me, although, of course, GDPR is. I am currently contacting the recipients of my marketing to establish their preferences; my outstanding action points are the update of Mindfit’s data policy and amending the paperwork that I share with clients to include key points about the data that I hold.
Saj Devshi, co-founder of educational resources site Learn Dojo:
We’ve yet to implement GDPR and have actually decided to wait to see what happens first as we’re in the mindset that it’s all scaremongering. Also, some of the requirements of GDPR, from our understanding, are purely impractical to implement. For example, IP addresses are classed as “personal data” yet we have no way of gaining consent to collect this prior to them landing on our website as our website analytics data collects this information automatically.
We’ve updated our site with our cookies policy just frankly telling people on landing that we collect cookie and data as part of the site functioning but until there is some clear cut examples on how serious GDPR is going to be taken, we’ve decided to wait it out and see how the dust settles and what options prove best.
How are you feeling about the deadline, with just days to go?
Laura Hampton, head of marketing and PR at digital agency Impression:
As a marketing agency, GDPR has been at the forefront of our minds for the past few months, so May's deadline doesn't really worry us too much. What does concern us slightly is the number of businesses who still don't know exactly what they need to do to be compliant.
We've had quite a few enquiries - from both existing clients and new contacts - asking for support or looking for information relating particularly to digital marketing. Can I track users through Google Analytics? Do I need to update my cookie policy? Is the Facebook pixel still allowed? Of course, even once these questions are asked, there may be more to discuss around the data for which a business is a processor, but not a controller.
Whether the majority of UK businesses have left themselves enough time to do that remains to be seen.
Julian Hall, managing director of anger management, stress and emotional resilience firm Calm People:
I’m confident that all will be completed over the next few days. We feel ‘calm’ and confident that we have everything under control and that we will be compliant from the required date, and into the future. Although the number of people we will communicate with will reduce, the quality of our communications will improve.
What do you envisage will happen over the next few months following the regulation's implementation?
Darren Hockley, MD of eLearning specialist DeltaNet International:
An ongoing compliance culture is something we’ve always endorsed as a learning and development company, but I hope the next few months will see organisations settle more comfortably into the new GDPR directives. Less of a box-ticking exercise with a ticking time-bomb attached to it, once the deadline has passed, we see GDPR as an ongoing journey that will see companies implement a compliance culture as standard practice. We imagine the improved rights of the individual that GDPR introduces will empower more people to invoke their right to be forgotten and right to transparency, so it’s important that employees dealing with personal data understand their responsibilities when it comes to complying with such requests.
Edward Worthington, infrastructure and operations director at unified communications specialist VIA:
I feel that fines and punishments will be inevitable, along with significant news stories. I hope this isn’t the case, but history tells us that businesses make mistakes and compliance can slip. The fines and punishments for companies that do not comply are huge and I am sure in the years to come we will see headline news stories and even share prices being affected by non-compliance. Maybe it will take a company to be “made an example of” for lax companies to sit up straight and take GDPR extremely seriously, as we are.
CEO Today would love to hear about your experiences in the run up to GDPR, how your business is coping with the regulations, and what’s next for you. Feel free to discuss your thoughts in the comments below.