20 Million Reasons Why You Shouldn’t Ignore GDPR
The next time we spend €20 million, we’d like to get something in return – preferably something with a pool, tennis courts and a vast garage stuffed with exotics.
Sadly, we don’t have that kind of spare cash lying around, so we’re sitting up and paying attention to GDPR. Fines are not fine with us.
We’re not lawyers, legislators or any other kind of data protection experts, so we’re facing this challenge very much from the same perspective as you’re likely to be.
Like many of our clients, we’re a small business striving to compete and win, investing all of our energy into delivering as much value as we can. We’d rather not have to take our attention away from you and your needs for excellence in website and print design. Unfortunately, the EU hasn’t given us much choice in the matter so we thought we could at least help you out with a few useful articles along the way.
To kick things off, here are some of the resources that we’ve been using to ensure that we’re looking after your data in a responsible and compliant way.
The Least You Need to Know
Here’s a summary of what we think are the key points from a business perspective.
1) Can you ignore it? Probably not. The regulation applies to the processing of personal data of individuals who are in the EU (not only EU citizens), and it applies whether or not your company is located in the EU. Being based elsewhere doesn’t exclude you.
2) When do you need to take action? Now. The regulation comes into effect on 25th May 2018, and there’s a lot to do, or at least there are a lot of things that you’ll need to confirm you don’t need to do.
3) What’s the risk, really? Well, the headline numbers being reported everywhere are the maximum of €20 million or 4% of annual global turnover – whichever is higher. There’s also a lower tier of €10 million or 2%.
The ICO (Information Commissioner’s Office) was previously able to issue a maximum fine of £500k under the Data Protection Act 1998, yet has never issued a fine of more than £400k.
However, it did issue 59 fines in 2017, totalling over £3M. At the time of writing, the ICO has already issued seven fines in January 2018, including one of £350,000 for “…failing to ensure that marketing calls were only made to individuals who had consented to receive marketing.” Note that fines for marketing calls of that kind are issued under the Privacy and Electronic Communications Regulations (PECR) rather than under data protection law, but they show that the regulator does use the powers it has.
We’ll let you decide.
The Horse’s Mouth
Rather than repeat the same key points that you can easily find on thousands of other blogs, call it an article and put the kettle on, we thought it would be more useful to pull together links to the authoritative resources:
- The Home Page of EU GDPR
- “Regulation (EU) 2016/679” (PDF) – EUR-Lex
- The regulation in a browseable format – Intersoft Consulting
- “Guide to the General Data Protection Regulation (GDPR)” – ICO
That last link will take you to the website of the Information Commissioner’s Office, and in addition to having their full guide you’ll also be a click away from the following handy resources:
- “GDPR: 12 Steps to Take Now” (PDF)
- “Getting Ready for the GDPR Checklist” which is an interactive self-assessment.
The maximum fines are obviously pretty scary, and the steps to achieve compliance are probably not going to be quick or cheap. We’re not worried though, and we don’t think you should be either.
According to the Federation of Small Businesses, 60% of all UK private sector jobs in 2017 were in small to medium enterprises. That’s 16.1 million jobs, created by businesses like ours and yours. We’re the real deal. We can handle GDPR.
At MSGD we’ve been taking this one step at a time to make sure that your personal information is safe with us, and that we know how to help you make your website compliant. We’ve been finding that it’s not so scary once you get started, and we’re sure that you’ll find the same.
Hopefully, these resources will put you on the right path, just as they have for us.