I’m fascinated by what is happening with the introduction of GDPR. Much of what I see posted on the internet seem to imply GDPR is a huge change, although perhaps this is because most of the content is generated by people trying to sell products or services to “ease the GDPR pain”. This is a little at odds with the messaging from the Information Commissioner, which is that GDPR is simply the “next step” and that most companies that already have good Data Protection Act controls and processes in place will not see much change.
I’ve been working on GDPR for both Cyan Forensics (where I am CEO) and Blipfuture CIC (where I am a director) and I found two resources particularly helpful.
The first is the Information Commissioners own guidance. It simply explains the key issues, especially around lawful basis and the rights of data subjects:
The second is from a less authoritative source, but addresses what I see as a key issue, especially for B2B marketing. While Consent is one lawful basis for information processing, there may be others:
This advice seems at odds with a lot of what I’m seeing posted on the net, but made perfect sense to me in terms of what I read in the ICO guidance, but potentially important in some B2B businesses especially.
I’m not offering advice on GDPR as I’m just starting to find my own way around it – but I found these links useful and I hope you will too.