What went wrong on the 25th of May?
For those companies who had the option to employ someone to organise their GDPR data, you would think it meant they could be sure of their ‘to the letter’ compliance with the new regulations. However, it wasn't just those who were balancing working, running a business and family life, trying to make sense of this rather daunting prospect who found it challenging. Leaving things to the last minute meant some companies got it so very wrong.
The 25th May is a date which resonates in all of our minds. Privacy is something we all take seriously; we wouldn't parade around with our pin numbers attached to our wallets, so why has virtual data privacy taken everyone by surprise? Asking a company to be careful with personal information isn't too much, is it? However, from a business perspective, being GDPR compliant isn't as simple as it sounds. The wording has to be just right. Coercing people into agreeing to new policies is not compliance, asking a user to ‘un-check’ a box rather than opt-in, is not compliance and ensuring that everyone is given the ability to change their mind at any point, is also essential to be compliant. Even with some of the biggest names in the world; Facebook, Instagram and WhatsApp, experts have seen some concerning factors within their GDPR policies.
Research found that in the month leading up to the dreaded deadline, 45 per cent of UK businesses actually set money aside in anticipation of fines. So why did everyone leave it to the last minute? With GDPR checklists seemingly being produced by every company you could think of, the prospect of fines being issued for non-compliance and the introduction of the free Subject Access Request (SAR), businesses did have a lot on their plate. The unclear, confusing and bombardment of information was surely partly to blame for business owners feeling the strain to sort their data out by 25th May.
After all the build up and now over four months later, are businesses able to relax? No, many companies still feel like they are not compliant. Smaller organisations can lack the proper methods for storing, organising and retrieving data in line with the regulation's requirements, and this combined with the strict guidance on re-permissioning emails could mean a large number are in fact, still not compliant.
If you are dreading the call regarding a non-compliance regulatory fine and the mention of ‘the GDPR’ sends a chill down your spine, our expert team are on hand to put your mind at rest. Agreement creation, consent requests and the recording, checking and storing of data are all part of the ConsentEye Agreement Builder. It’s never too late to sort out your data, contact us to see if we can help.