With the UK working towards Brexit, there is confusion among some UK businesses that are asking themselves whether they should bother becoming GDPR compliant. In this brief blog post, I look into this question with a view to providing guidance for those who are uncertain.
What happens if the GDPR is ignored?
The GDPR (General Data Protection Regulation, Regulation (EU) 2016/679) is an EU regulation, not a directive: it applies directly in every member state without needing national legislation, and it applies from 25 May 2018. It consists of 11 chapters and 99 articles that set out what businesses need to do in order to achieve compliance. Some business owners, who rail against rules coming from Brussels in general, may be tempted to ignore the GDPR. However, if they do, they could face huge fines: the upper tier of penalties under Article 83 is up to €20 million or 4% of worldwide annual turnover, whichever is higher.
Online data management security has never been more relevant than it is today. Just a few weeks ago (Friday 12 May), the NHS was subject to an unprecedented cyber attack which severely disrupted its systems, locking staff out of files and forcing hospitals to turn patients away. The UK was one of some 99 countries reported to have been affected by the ransomware, nicknamed WannaCry, which spread by exploiting a Windows SMB vulnerability for which Microsoft had already issued a patch. Admittedly, this attack was about extorting money to unlock infected computers rather than stealing data, but it is the latest in a series of cyber attacks on a global scale, not just here in Europe.
In April, the online lender Wonga was also subjected to a cyber attack designed to steal customer information. It is believed that the attack could have affected around a quarter of a million current and former customers.
Privacy By Design
The GDPR makes privacy by design a legal requirement (Article 25, "data protection by design and by default"). It is something that all responsible companies whose online data management systems contain customers' personal details should adopt anyway, purely from a best practice point of view. It means organisations must ensure that privacy and data protection are a key consideration in the early stages of any project, and then throughout its lifecycle. The key point is that this applies to all personal data your organisation holds, wherever it sits: CRM, marketing automation, finance and proprietary systems alike. If companies wish to trade with the EU (whether or not they are established in an EU member state), they will need to be GDPR compliant or they will face heavy fines.
Become GDPR compliant or stop trading with EU clients
From a Brexit or international trading point of view, this clears up any doubts about gaining GDPR compliance. If companies aren't compliant, the doors of EU clients will be closed to them. In addition, it's highly likely that the UK will still be a member of the EU when the GDPR starts to apply anyway, as the earliest date for leaving looks like being the end of March 2019, two years after Article 50 was triggered.
For more advice on your Salesforce GDPR compliance, connect with me on LinkedIn.