I received a call the other day from someone who wanted to talk GDPR with me. Nothing unusual in that, except this person started the call by telling me they were a GDPR expert. As far as I am concerned there are no GDPR experts. There are people with lots of knowledge and experience but until the case law starts to flow through, there are no experts.
Anyway, back to my caller. Having introduced himself as an expert he then proceeded to tell me he was thinking of setting up a GDPR business and what would my advice be? So I asked some basic questions.
How long had he been working in data protection? 3 months
What qualifications had he undertaken? None
Why did he want to work in data protection? Well its easy to make money isn’t it?
It turns out that my caller had been working with a qualified person to help a large organisation with their GDPR implementation on a short term contract. They had no previous data privacy experience and now think they know it all.
There is lots of hype about GDPR and subsequently lots of new people offering GDPR services because they think its easy.
Before signing up for any GDPR advice services ask the person running the training or providing the advice what their qualification in Data Protection is, how long they have been working in data protection and if there are any disclaimers to their advice.
Why am I saying this, because I have just taken on a client who sought advice from someone who claimed to give GDPR training and advice, the advice was basic at best and they didn’t know how to implement it into a business, the trainer had no qualification in data protection and it was an add on to their current business (not privacy related). The advice was incorrect and could have led to an ICO investigation and potential fine.
Please make sure you check whether the person really is able to offer advice on GDPR and not someone who has read the guidance and wants to sell you something because its a hot topic.