Recently I overheard a conversation on the train. The two discussing were clearly working with compliance, and one of them had GDPR and the new European data regulation on his to-do list.
“I am so fed up with legal mumbo-jumbo, I have been to three events now, and I still don’t know where to begin…”
92% of all European companies have not started this work yet, so these two are probably just two of the many who are a bit lost. According to international surveys, Sweden is actually far behind. You cannot make GDPR go away: it is a European regulation, and it will happen on the 25th of May 2018, whether you like it or not. The main source for collecting personal information is the website of the company. This is where cookies are dumped freely, and this is also the place to try and collect as much as possible about your visitors/potential customers.
For those 92% of European companies that have not considered how to handle personal identification information from your website, this is your 4-step plan to get started.
Step 1: How do we handle personal information today?
Step 2: How can we minimise the personal information we collect?
Step 3: How can we automate the handling of cookies, consent and withdrawal of consent?
Step 4: How can we scan and surveil our website monthly for any changes in tracking techniques?
I don’t think GDPR is rocket science, and doing something is better than doing nothing. Of course you can apply the ostrich approach, which means you duck deep and bury your head in the sand. But why not take the opportunity to clear out your dusty databases? You will probably see that getting started is not that bad.
Disclaimer: I am involved in a project working with points 1-4, so if this is a problem for you, feel free to reach out.
Good luck and get going.