After seeing hundreds of GDPR posts, adverts and articles popping up, each with someone trying to sell their GDPR compliance package, all I could think was "Not another GDPR post", so I scribbled down a few things I had learnt about GDPR whilst getting PC4 Recycling ready, and here is the outcome.
GDPR for me has two sides: firstly, are we doing everything we need to do to be compliant, and secondly, how can we help our clients to be GDPR compliant? In the following five points I will discuss what I have learnt about GDPR and what I think the most important aspects are.
1. “It’s not quite as complicated as it first seems.” Google returned over 6 million results when I searched for “GDPR”, but I went for a simple approach and got a copy of GDPR for Dummies. From here I learnt that if you break down each new ‘thing’ you need to do, create or write, then it is much simpler. This leads me onto my second point.
2. We are already doing everything GDPR requires; it just needs putting into a policy and giving greater traceability. For example GDPR state…
3. Consent… this is my biggest bugbear with GDPR. The idea behind it is great, and as an individual I support it, as it will put a stop to junk emails, and 10% of my day is filtering junk emails. However, ensuring we have explicit consent for emailing people is more difficult, and it is easy to see why many companies are just deleting their mailing lists.
4. Consent is not the be-all and end-all. This is somewhat contradictory to my previous point; however, there are six lawful bases for processing data, consent is just one of them, and you can use more than one if you process different data for different reasons. For PC4 Recycling we have four bases that flow through our sales pipeline: Legitimate Interest, for contacting potential leads using information in the public domain and giving each individual all eight rights as outlined by GDPR. Contract, for those leads that ask for a quote. Legal Obligation, for leads that go ahead with a collection and have hazardous waste, as it is a legal requirement for us to keep hazardous waste documents for three years. Consent only comes into our legal bases when looking at communicating through our email newsletters.
5. You don’t really need to fork out your hard-earned money to be GDPR compliant. Despite seeing numerous adverts, posts and comments from people claiming to be GDPR compliance experts, you can do everything GDPR requires yourself, as long as you have a good understanding of your business, have some spare time to read through some great free online resources and don’t mind going a little bit data crazy.
So, an advice-free outlook on GDPR I gained whilst trudging through GDPR. Share what aspects of GDPR fascinate, annoy or entertain you on any of our social media sites. Or, if you need to destroy some data, contact me to see how we can help you with the right to be forgotten.