When you think it could never happen to you, GDPR strikes at your door and you ask:
You: Who’s there?
You: GDPR who?
Voice: I can’t tell you, as you don’t have consent to process my data.
Or do you?
With just a few days before GDPR goes live in Europe, here’s our approach:
1. GDPR is nothing more than a new challenge to do (your) business as usual
We know: managers and decision makers are usually caught up in the fire of running things. And now, all of a sudden, there’s this “new” thing called GDPR that they have to manage on top of what they were already doing.
But is it really new? Some say definitely not!
Before being called GDPR, there was this concern of handling personal data, but everyone was doing it in their own way.
We are sure every responsible manager took care that their teams would not share customer or other private data outside the organisation. We do believe that most organisations signed an “NDA” with every employee to secure its intellectual property.
Now, with GDPR coming, there’s a standardized way to implement this common-sense rule, so you won’t have to do anything more than business as usual, if you are genuinely interested in people. The change concerns how you become more responsible for the personal data the company uses. But before changing anything, ask yourself: would you be happy if other businesses treated your personal data the way your business processes your clients’ data?
2. Redesign the business processes so that you become GDPR compliant by design
GDPR is nothing to be afraid of. Take it as an opportunity to rethink how you are protecting, managing and using the personal data collected over time. We believe this is a crucial moment for businesses to re-architect their IT infrastructures, how they implement marketing activities and how their sales teams collect data. From now on you are responsible for obtaining the person’s agreement and informing them specifically how you will use their information.
Our advice: rather than patching your business processes and signing some additional papers in order to become GDPR compliant, redesign the flow of personal information in your company and make it GDPR compliant by design. Of course, you might need to change tools and/or mindsets, which is more difficult in the short term, but GDPR is here to stay and you’d better act in a sustainable way.
3. Give this new perspective to every employee in the company
Now that your processes are designed to respect the regulation, there’s one more thing to consider: make sure people are also on-boarded onto this project. There’s no point in creating rules if people aren’t aware of them.
So, whenever you implement a new process or a new employee joins the team, it is important to have a predefined on-boarding method which defines the boundaries between personal data (PII, which needs to be managed in a responsible and selective manner) and the general information which can be seen and used by anyone.
Our advice: select an employee with training responsibilities in your company and give them the authority to integrate the GDPR guidelines in the induction process.
For us it is common sense to protect and responsibly manage the personal data of our customers and our employers, and we have been preparing for this since our first day as Koding. We mapped processes onto tools, and not the other way around, just to simplify our daily lives in the long run.
The story goes on, that’s for sure, and we are here to stay. So GDPR, please come in, and welcome!