If you’re at all unsure about GDPR, then a GDPR talk/seminar/lecture might be just what you need to get the facts straight. In fact, even if you think you’ve got it covered, I believe that it’s always worth discussing processes and ideas.
Wilkin Chapman LLP have hosted various GDPR essentials seminar. I attended one of their seminars, and over the course of two and a half hours, there were four speakers: Jonathan Goolden and Laura Clark from Wilkin Chapman LLP; Detective Sergeant Steve Dennison from the Humberside Police Cybercrime Investigation Team; and Daniel Westlake, managing director of Cursor. Each speaker offered insights on the GDPR from a unique perspective.
I took away several valuable lessons from the seminar and thought I would share some of the key points with you:
- “It’s all about the why”. Understanding the purpose behind the GDPR will in turn help you to understand what you need to do to comply. The purpose is ultimately to protect the personal data of EU citizens. So, gear your intentions toward protecting personal data and keep the purpose in mind when thinking about GDPR compliance.
- Using consent in HR situations is more often than not one of the least appropriate processing conditions to use. You might find that other processing conditions fit the circumstances such as “to fulfil a contract” or “legal obligation”.
- Make sure your security processes are robust, and enforceable. In particular, ensure that employees using their own devices for work purposes are taking the appropriate measures such as updating anti-virus. Detective Sergeant Dennison invited people to join the Humberside business resilience forum. http://www.hbrf.co.uk/ alternatively you can follow HBRF on twitter.
- Mr Westlake enforced his main point, that marketers should really be gaining consent. Daniel told the audience “Give Data Proper Respect” (appropriately reapplying the GDPR acronym).
Overall, you should understand the purpose of the GDPR. You should really think about which processing condition you’re using. You should have robust security processes in place, and make sure you are giving data proper respect.