GDPR doesn't affect me, does it?

I have been wondering lately about this, as I'm sure you have too, and it prompted me to properly investigate and write this blog. Please don't take this as a final word, as it's simply my take on things!

So what is it?

GDPR is the acronym for the General Data Protection Regulation.

'General' meaning the regulation is for people and businesses and is an umbrella for everything in between.

'Data' meaning the information stored that has details about who you are, what you like, your sex, orientation, religion, eating preferences, a.k.a your personal identifiers etc, etc.

'Protection' meaning it exists to keep people and their identities safe from being exploited and is a standard that helps keep data-sharing happening between entities, without the fear of misusing or selling the data. It also gives people and businesses the ability to know how and why their data is being stored, and the freedom to request that it is not.

'Regulation' meaning it is a standard that must be kept, that this is legally enforceable and that if not adhered to, will have consequences, like a criminal offence.

Why is it in the news?

The European GDPR has changed. In fact, this change happened around two years ago, and enforcement of this change goes into effect on May 25th - hence more public awareness of it lately.

Why does this affect me - I'm in the UK, not Europe?

Although it is the European GDPR that has an enforcement date looming, it doesn't take away UK businesses' - small and large - responsibilities to adhere to these 'new' regulations. The reason is, that if any employees, clients or suppliers fall into the European catchment, then the UK businesses need to adhere and follow the regulations standards, for these people/businesses.

Does this affect the company I work for?

Yes, for the exact same reason as above. But also because it will change how companies are forced to work/process data. Similar to the fact that there is a minimum wage all companies must adhere to, there is now a process for personal data storage companies must adhere to too. Companies need to prove they have adhered to the GDPR and, in many instances, employ someone solely for the task involved to keep everything in order. Obviously, depending on the size of the company, creating a new role for Data Protection is not always possible, but having a designated person responsible for this, and an established process is now a must, not a nice to have.

What happens if I don't comply?

This will also come back to your contract within that company, but most probably it will be written into your contract or an amendment to your contract will be agreed upon and you'll have to agree to it.

Does it affect the way I work?

Yes it will. Your company will no doubt be issuing a statement on their processes for data storage, (if they've not already done so), and this in turn will mean that you have to adhere to this process too. Plus, you'll be getting a lot of emails from companies/people you've signed up to/given your details to, asking for you to opt-in again, or update your preferences. This for me is great, as it's an automatic cull of the eNews I get, but it also means all the apps I've got on my phone will be going through their processes of being GDPR compliant. (Meaning I probably have to re-input my details here and there - it is for my safety after all, so I'm going to suck it up and be prepared...)

So, yes, it affects you, it affects everyone. Whether it’s your data or the fact that you’re working with other people’s data. It’s a mind-boggle but so important in this day and age where everything is accessed so easily.

We all should brush up on this knowledge - let's get involved! 

Further reading:

What is GDPR for small business: a comprehensive guide

The summary guide to GDPR compliance in the UK

The 7 stages of GDPR grief

If you liked this blog post, sign up for our newsletter... ;)