Why does GDPR matter so much? Because you employ people like me!

You might be getting sick of all the posts and articles about GDPR lately. You might be actively ignoring them thinking it'll all be ok. But honestly this is legislation you have to be acting on now if you're not. Only one company has been mentioned to me as being prepared, and they started work on this 7 years ago.

To highlight why this is so serious I thought I'd paint three simple scenarios.

When I started at my current company I was 22. All of my university friends were in London and the idea of going out on a Wednesday night didn't always seem particularly dumb. If I also went out on Thursday and Friday I was a little tired by the weekend. I'd regularly fall asleep on public transport. Once I fell off my seat on a bus and ended up in A&E, another time I hitchhiked back into London after discovering my ‘phone and wallet had been taken from my boozy unconscious form. We can all fall asleep and leave documents or hardware at risk whatever state we’re in. If that mobile had been my work mobile the breach would be by my employer, not me.

Secondly we all work long hours and make honest mistakes. I've hit reply (to an email) when I've meant to hit forward and sent information about a contractor back to a client I shouldn't have done. I've not noticed that when I typed one person called Jonathan (a colleague) it's sent it to someone entirely different. I've lost count of the times clients have accidentally copied me in on confidential meeting documents rather than a David in their own office. Don't pretend you're immune, you're not. Guess what… that's a breach too!

Thirdly we all have contacts. Lots and lots of contacts. My work mobile has 7933 contacts on it, backed up in outlook. People move roles an understandably take their contacts with them. I rely on clients moving roles and contacting me to meet recruitment needs. If my contact is taken from their work ‘phone and uploaded into a new employers kit and onto their servers, that new company has just unwittingly committed a breach under the legislation.

You see it is very, very easy to commit a breach when you employ people. Lots of people doing things we all do. The massive problem for you is that negligence (“I'm so sorry I had no idea”) is likely to be hit with the maximum fine (€20,000,000 or 4% of your company's global revenue in the last year… whichever is more). Negligence is the worst position you can find yourself in and intent isn't considered.

So you see you will have a breach, probably multiple breaches carrying multiple, potentially company ending, fines. 97% of breaches are caused by your staff and the best you can do is put yourself in a legally defensible position. So if you haven't sought legal advice I'd do that now… the clock is ticking and you've only 48 weeks left.

Whilst we're talking about this, if you don't have a Chief Privacy Officer you have to have one, and you can't promote from within. I don't fall off bus seats anymore so maybe think about giving me a call for a little help on that one?