GDPR policies are not an antidote

During last year's feeding frenzy, it felt like everyone who needed new clients found a way to make their offering sound like the antidote to GDPR. A year later, we know there is no antidote. We're all in it together. However, a lot of companies now have GDPR-compliant "policies" that a few people will read, with even fewer understanding them, plus procedures that people cannot be bothered to follow.

So what has actually changed? I receive the same number of spam emails, yet only a few of them aren't compliant. When I enquire where they got my email address from, or tell them to take me off their list, I receive the same response back from totally different entities. It shows they have an incorrect understanding of the regulations. They think they get it, yet they rarely do, and the false sense of security is more dangerous for them than for anyone else.

Who threw the baby out with the bath water?

At one end of the scale, I am aware of charities that do not email their supporters any more, and some have even disposed of the contact details of their supporters. They threw the baby out with the bath water.

At the other, there are companies that will "scrape" an email address off the internet (usually LinkedIn) and email me without any form of permission. When I ask where they got my email address, they lie about it and try to convince me why it is OK for them to spam me. They are being disingenuous at best, yet they think I will do business with them at some point. The irony is lost on them.

Why is assessing data risk so fluid?

So what is reasonable? It varies from company to company, and that is the conundrum. When it comes to risk, we allow ourselves to be easily pigeonholed. "We're no more risky than the other lot", we insist. When it comes to marketing, successful businesses celebrate their differences. Never the twain shall meet.

Businesses rarely want to spend time preparing for the worst. It is human nature to look on the bright side, so we prefer not to think about it. I've seen the same happening with health & safety. People don't think their business is unhealthy or unsafe, so they stay in blissful ignorance. They will even copy the health & safety policy of another business when asked for one. I expect a lot of businesses have ended up with lookalike GDPR policies.

There cannot be one size fits all. I have discussed this subject with 400 business owners or company directors in the last 12 months. They rarely did the same things with the information they receive from their clients or prospects, so the lookalike policies are unlikely to help them. Even one hour spent thinking about how to keep data private is going to produce a better result than copying and pasting.

Wrap up:

Any business that has a proper go at complying with GDPR is unlikely to be fined. Yet some businesses have put GDPR policies in place without assessing where or how their data is at risk.

Top Tip:

Cyber risk reduction is not as hard as many people imagine. Take a look at our ten top tips to reduce cyber risks. Enacting them will ensure that you are protected against the vast majority of online threats.

Jason recently "celebrated" his 30th anniversary broking insurance by having a lie down. A lot of what he knows is about managing risk. He has also built two companies from scratch (the first with the help of three partners, the second without any distractions). He has also developed a unique, branded method of developing leads that breaks some of the rules, yet tends to get better results than traditional methods.

He is uniquely placed to discuss why you are extremely unlikely to get fined for GDPR issues and why you should not stop sending the right messages to the right people. The data risk seminars he delivered last year received fabulous feedback and his webinar about “Culture will kill your business (data)” is still doing the rounds.