This is often the first thing that is said (after the introductions) when I go to companies to talk about GDPR and frequently I don’t know what to say.
Let’s start with data protection. It all started about 16 years ago when I was put in charge of data protection for a charity I was working for. I have to admit it was like the blind leading the blind. I didn’t have a clue and data protection seemed to be contradictory and confusing. Luckily I got some training and then a few years later I took the BCS exams for Data Protection Officers. This was enlightening, it all started to click into place. I kept up to date with the new things and because I only worked for the charity part time, word spread that I would help other organisations with their data protection practices. Work came in by referral. Then GDPR appeared and there was a whole lot more to learn and decipher and more organisations needing support and advice.
In addition to my data protection qualification, I have been an internal auditor for nearly 30 years, so I know how to look for information, ask people how they work and create effective process improvements. I’m also a qualified Institute of Leadership and Management Level 5 Coach and Mentor, a member of the Association of Accounting Technicians and earlier this year completed the Institute of Risk Management Exams.
So how do I work? First up, I don’t claim to be an expert on GDPR, at this time nobody is, there are too many unknowns about how the legislation is going to be interpreted but I do have 15 years experience actually working with businesses to support their data protection practices. I don’t believe in making things onerous, if there is a straightforward way of doing things I will choose that, why overcomplicate it. I don’t use the jargon or recite the articles or recitals, you’ll get the plain English version from me. I also believe that data protection compliance shouldn’t be an add on but should be part of the way you do business, it should be embedded into your business practices. I believe that every member of staff should have basic understanding of the Data Protection Act and GDPR, it shouldn’t be one persons responsibility. Its too difficult to make one person responsible for a whole organisations data protection practices and it means frequently that people negate responsibility because it is “someone else’s job”.
My aim is to create the right solution of each business I work with, it’s not about you fitting to the legislation but how the legislation fits your organisation, your business strategy, your aspirations.
With GDPR as the new “Y2k” for consultants and every Tom, Dick and Harriet jumping on the bandwagon, there is lots of choice for businesses. Many people have read the legislation and know the law, but I know that and how to implement it into a variety of businesses. Companies work with me because I have a pragmatic approach, can implement cost effective solutions, manage the changes required and I have experience in a variety of industries.
If that sounds like someone you want to work with, then I would be very happy to talk GDPR with you.