In preparation for Adlib’s Not Just Another GDPR Webinar session, Duncan Bradley took one for the team and watched over 60 GDPR webinars, so that you don’t have to. (We’ll pass your appreciation to Duncan, just as soon as he comes down from his coffee buzz.)
All joking aside, there are a few lessons that Duncan took away from all those GDPR webinars. First, there's something truly magical about the layer of caramel-coloured foam that sits atop a perfectly brewed macchiato. And, more importantly, there’s a real lack of information around a few critically important areas of GDPR that will directly affect enterprises.
Read on for Duncan’s 60-second scoop on what he learned by watching far too many GDPR webinars.
Duncan’s GDPR in One Minute Summary (60 GDPR Webinars in 60 Seconds)
First off, the view from on high: These GDPR webinars all provided good information and some value—but this was definitely a case of “Send in the Clones.” Pretty much all of the webinars covered the same three subjects: fines, the “actors” in GDPR (i.e. Data Protection Officers), and what to do to prepare for GDPR.
“Are you GDPR ready?” has become somewhat of a rhetorical question that many enterprises can’t answer—especially when that question is posed without any context or clarity around what “GDPR readiness” actually looks like from an operational and executional standpoint.
In every case, the webinars focused on policies and procedures that will be impacted by GDPR, which is important. But what Duncan realized—after reaching the bottom of his tenth cup of coffee—is that these webinars contained very little practical material on the nuts and bolts of how to execute GDPR on a tactical level.
To save time, you could watch one or two GDPR webinars and feel confident that you aren’t missing anything by skipping the other 58. Here’s what Duncan took away from his GDPR webinar marathon:
1. Know Your Options When Deciding on a Data Protection Officer (DPO)
If you haven’t yet named a Data Protection Officer, that needs to be a top priority. Make your choice based on what works best for your company and go into the decision fully informed. If you assign an internal resource, they have a subordinate role within your company; you cannot fire them because of their actions, and they have to act on behalf of the data subjects and the data authorities.
2. Critically Assess Your GDPR & PII Policies
In general, the GDPR webinars that Duncan watched did a good job of stressing the importance of ensuring that PII is properly protected and that the right reporting processes are put in place.
With the launch of GDPR, you will now need documented “opt-in” consent that identifies what client data will be collected, what it will be used for, and how long it will be stored. And processes need to be put in place to allow customers to revoke their consent and have their data deleted at any time. This requires review and revision of all data handling processes and revision of existing privacy policies. You will also need to determine:
- How you will allow your customers to control what their PII is used for.
- How you will correct inaccurate information.
- How you will communicate where their data is stored.
- How you might share their PII with them for review.
When reviewing existing processes and policies for compliance, it’s always a good idea to complete a business valuation of each practice and determine whether it’s worth enough to your business to keep doing, even if it might lead to reduced participation and criticism after you tell people, straight up: "Here’s what we’re doing with your data."
If you feel uncomfortable about a policy or are unsure of how to communicate it to your customers, it’s definitely something you should take a harder look at. You don’t want to be faced with thousands of dissatisfied customers on the second day of GDPR enablement.
While questioning your organization’s GDPR readiness isn’t a bad thing, that question needs to be firmly rooted in an understanding of the tactical next steps that will help your company successfully execute on all the critical components of this new regulation.
Putting GDPR into Motion
Jump on Duncan’s Not Just Another GDPR Webinar session for boots-on-the-ground insights to help you put the tactical must-haves of GDPR into action. Also stay tuned for our follow-up post, Critical GDPR Considerations That No One Is Talking About, where we’ll dive into the often-overlooked Right to be Forgotten and a few critical steps every company needs to take to implement GDPR compliance.