GDPR has been the focal point in 2017, for all firms and especially those of us concerned with data on a daily basis. Huge amounts of information are washing through the ether and it seems that not all of it is being properly understood.
The stories about potential financial ruin for non compliance and the almost threatening statements suggesting that businesses under this new "regime" will somehow be prevented from connecting with their customers and potential customers are misleading and downright unhelpful.
Whilst it is true that the ICO will have the powers to fine those who continually and deliberately flout the new rules it will most certainly not be their first port of call. After all, GDPR isn't about destroying businesses out of hand, but making sure that our personal data is being held with respect and most importantly, our choice and control.
Stripped down to it's most basic principal, it's one of trust, transparency and security in an age where our personal data seems to have been leaking unchecked into every part of the internet. There's no denying that time and considerable effort must be undertaken in achieving compliance, however any action that responsible companies can undertake to ensure these leaks are plugged must surely be in their interest. The accountability being imposed must be seen as a positive move, and a strengthening of trust which is, foremost, that which consumers, clients and customers hold dear when transacting business of any kind.
Reputation should be top of the agenda for firms, not reactionary for fear of fines. Those who do it well will reap the rewards and strengthen their business relationships as a result.
I urge you to review the ICO's blog posts which aim to sort fact from fiction in these days of information overload. Choose your news sources carefully. Go straight to the experts.
If this kind of misinformation goes unchecked, we risk losing sight of what this new law is about – greater transparency, enhanced rights for citizens and increased accountability.