I was dreading implementing the General Data Protection Regulation (GDPR), attending workshops and getting clarification on answers seemed all very grey and murky.
What is clear is that everyone has responsibility for data. When the EU was setting up the regulations coming into force on 25 May I don’t suspect they ever thought how it would affect a rural village shop in unspoilt countryside.
It does feel as though we have been caught up in rules that the big boys were not playing with appropriately and then we have been punished.
Last night, however, at a staff training meeting, it all became clear. As the heart of our community, we have always treated our customers with respect and known lots about them.
We know where Mr Smith lives, who he went to school with and how many children he has, we also know Miss Jones has a cat and loves chilli chocolate, nothing in some respects will change. All staff have a confidentiality clause in their contracts, it’s how we handle it once it is written down that will change in some cases.
What will happen between now and the 25 May is setting up procedures and writing them down in our GDPR file.
This means our compliance is evidenced and we can think of ways to manage issues that aren’t compliant.
For example, our paper telephone directory lists the private home number of the local publican. If we get asked what is the number of the pub, we will no longer look in our internal business address book, but take the number as advertised in the local tourism leaflet.
Enabling us to still be useful to customers but accessing the data in a way that doesn’t breach how we share it.
GDPR isn't the foe I originally thought it was. It is an opportunity to demonstrate that, as always, we respect our customers and their data and will do the very best for them.
You can also check if your own email address has been compromised by a data breach by looking it up on here