Wednesday 19 July 2017

Is Data Protection and all things related to it boring?  Not if you go by the delegate numbers booking onto this seminar.  Or that it got into the Queen’s speech not so long ago.  Although that second point may be up for discussion depending on your point of view.

Paula Tighe from Wright Hassall LLP took the room through what the GDPR (General Data Protection Regulation) will mean for professional services firms. 

First GDPR scare of the day was…. 

“Please put your hand up if you think the GDPR will impact you”.  All hands raise. 

“Now please put your hand up if you have prepared for it.”  Only one hand goes up.

The new law is due to go live in May 2018. 

But do you have to be 100% compliant before it comes into force?

Paula is in close contact with the top GDPR person in the UK, the Information Commissioner, Elizabeth Denham, who has been speaking about “a robust approach” and a “proportionate and balanced view” rather than absolute compliance or you could go to prison, face a fine so hefty your firm will go bust and everyone will cross the road when you walk near them (I may have made that last bit up).

With under a year to go, the guidelines still haven’t all been produced (e.g. ePrivacy).  Bad news for your planning and timings.  But really, most people aren’t anywhere near compliance anyway.

It’s bad enough getting your CRM database data compliant, just think how hard it is going to be if you are working off multiple mailing lists all over the place.

So, some of the main points summarised:

  1. Brexit isn’t going to water the new regulations down
  2. If you 100% comply with the current Data Protection Law, you’re very close to GDPR compliance
  3. ePrivacy regulations are still in draft form and not published yet
  4. Make sure your data is secure
  5. Change your passwords every 30 days
  6. Inform the ICO within 72 hours if you have a data breach, or face a fine so hefty you’ll go bust
  7. Most firms will need a DPO – a Data Protection Officer who is well versed in GDPR laws
  8. Business to Business marketing is going to be treated just like Business to Consumer
  9. You MUST have affirmative consent to do marketing activities to people
  10. There is no such thing anymore as ‘implied opt-in’ or ‘automatic opt-in’
  11. If you process data on behalf of a client, you are now both liable for keeping it secure
  12. You may not be allowed to rely on previous permission if it was not GDPR compliant
  13. You may want to ensure all your data is stored and processed in the UK – dreadful admin if not
  14. You need a clear data governance policy
  15. Review your cyber-security policy and get cyber security insurance (and test your security)
  16. You need to tell your contacts, when they sign up to things, how you are going to market to them

Many people today realised they had a long way to go and that they were nowhere near as close to compliance as they thought.  That is why we thought you’d appreciate us putting this session on.  We’ll be doing more hot topics, so we may well do another GDPR session nearer the compliance date.

A huge thank you to Sonia Thaper (KPMG) for doing all the event organising and to the lovely firm KPMG for kindly hosting the room for the PM Forum.  It couldn’t have been done without your help folks, so a big thank you. Huge thanks to Paula Tighe from Wright Hassall LLP for giving us her time and running the session.  There was a lot of interest in this topic, so we’ll be planning related ‘hot topics’ soon. 

A date for your diary, dear readers: look out for the 12th September invitation on Client Research, and later in the year a ‘How to get your CRM database or mailing lists fit for the GDPR’ session.

Written by Simon McNidder, West Midlands Regional Director (