After the deluge: a calmer approach to GDPR
Over the last couple of weeks, email traffic has gone through the roof. Organisations you’ve never heard of have been desperately fighting for your attention. You’ve probably lost track of the numbers of new privacy policies you’re expected to read and understand. After the panic of the GDPR deadline, things will, hopefully, now return to something approaching normal.
Of course, the new normal should be a little different. If nothing else, that plethora of emails illustrates the problem GDPR is addressing – that our personal data has found its way into all sorts of places. The regulations are the shake-up we all need to make us think more carefully about the information we disclose and how it might be used. GDPR has the teeth it needs to give power to data subjects and to ensure data controllers and processors act responsibly. We welcome the change, even though getting prepared has involved a good deal of effort.
As often happens with fundamental changes, not everyone was ready. And I don’t think I’m going too far when I say that the Information Commissioner’s Office (ICO) still seems to be finding its feet. Right up to the deadline, guidance was being clarified and amended. I know of at least one person who rang the helpline, waited for forty-five minutes in a call queue and then was told, “I not sure, but I don’t think that applies.” But because there is still confusion, the ICO won’t be getting heavy handed just yet. If the deadline has caught you unprepared, just get on with making the necessary changes now.
Last week, while on the road, there was a phone-in on the car radio. Several callers put their worries about particular situations to GDPR experts. There was a great deal of good common-sense advice in the answers, and I hope that’s the approach we – businesses, individuals and the ICO – can adopt going forwards. By trying to lay out rules for every situation, the authorities have made GDPR seem complicated. It isn’t. Think of it this way. information is valuable. Take care of it, respect it and only use it if you’ve been given permission.