The EU General Data Protection Regulations (GDPR) comes into place on 25th May 2018 and I am loving it!
Why? Because as businesses race against the clock to ensure compliance, I have been inundated with numerous emails from businesses asking me to confirm my consent for them to carry on holding and processing my personal data for one supposedly mutually beneficial reason or the other. This has been a great opportunity for me to take stock of exactly where my personal data is being held and for what purpose. If they are businesses that have been actively engaged with me over the years (e.g. responsive recruiters, suppliers), no problem; I have happily confirmed my consent. For others however, it has been a case of: “Who are you?”/ “I didn’t even know you had my data?”/ “Thanks, but no thanks”.
For me, the GDPR change programme presents a win-win for individuals and businesses alike.
As an individual, I am taking this opportunity of a data ‘spring clean’ seriously and wonder if, like the physical spring clean, GDPR mandates businesses to repeat this consent process regularly?
For businesses, this is excellent feedback which presents an opportunity to review customer and stakeholder engagement strategies and processes. If clients, customers and stakeholders vote with their feet (or hands in this case), by failing to consent to their personal data being held, isn’t this an indication that no value has been added to them – and needs to be addressed as a matter of priority post the 25th May deadline?
I’m I being unduly positive and naïve about GDPR or is it just a bureaucratic pain in the bum?