As a small business owner, I started preparing for the new GDPR regulations over a year ago. I followed all the guidelines (of which there were many), I went through all the checklists (of which there too many to mention) and I did everything I could do to ensure that my business complied with everything it needed to, to be GDPR compliant. After all, this was going to make such a difference to me as a consumer; my personal data would be far more secure with every company doing everything possible to ensure this and I would no longer be pestered by unwanted post, emails and marketing calls. I was really looking forward to that!
For someone who works alone, (the only employee of my small business), I spent an awful lot of time completing risk assessments, reviewing the data that I deal with for both myself and my clients, and updating / renewing the systems that I have in place to ensure that any data I deal with is protected.
I was proactive in finding out from the companies who I deal with in relation to my business, what their policies were for data protection (web providers, email management, data back-up, my accountant, basically anyone who had any kind of link to personal data within my business).
I had to spend time that I should have been spending prospecting for new clients and marketing my business, wading through page after page of ‘geek speak’ about GDPR. If I’m honest, I didn’t understand all of it (and if I’m really honest, I still don’t) but I still put the time in to dot the ‘I’s and cross the ‘t’s – probably much more time than many large corporates have put in!
And although it was a complete pain in the butt to achieve, I believe that Girl Friday is as GDPR compliant as she can be.
SO WHY AM I STILL RECEIVING TEN PHONE CALLS A WEEK ABOUT A CAR ACCIDENT I DIDN’T HAVE?
Just today, I have received three phone calls from companies concerned about the ‘bump’ I had in my car. The only difference that GDPR seems to have made in regards to cold calling, is when I ask the caller where they have got my details from or to ask them to remove my number from their call list, they simply put the phone down, instead of the constant arguments that used to ensue. I know that I haven’t given permission for my working day to be interrupted throughout the day from companies that haven’t given two hoots about GDPR, so why is it still happening? In addition to the time it takes me to answer the phone and inform the caller that I haven’t had an accident (or need to take out a life insurance policy, or make a last minute PPI claim etc) do I now have to spend my time reporting each and every number that calls me without my permission?
And although I haven’t personally been affected, the latest data breaches from companies like Facebook and British Airways are also a huge worry. I guess in this day and age, there will always be hackers who are intent on spoiling the day of millions of people – I really wish that the undoubted skills that these people have could be put to much better use than causing distress to everyday, hard-working people. Their intention may well be to embarrass the companies that they target or, in some cases, to make ill-gotten gains from the misery of others but I know that I (and I’m sure countless others) don’t have the time spare to get everything back in order when your data is stolen.
I’m happy that I spent hours of my time to ensure that my business is GDPR compliant, however, I would be much happier if the companies that are continually cold-calling me, could say the same.
And as for that car accident that I didn’t have? I don’t even have a car…