25 May 2018 marked the beginning of a new data privacy era (or not?) with the entry into force of GDPR (no, I will not spell it but in case you are unsure what I am referring to, I suggest you 1/ panic, 2/ check this and 3/ reach out?).

Feriel Saouli
COO

Is this really the beginning of a new era? I would argue not. We have always cared about data privacy, in a different way though. While we used to tick that box at some point during the process, we are now truly thinking about data privacy “by design and by default” in a – dare I say, slightly obsessive mode- in the very first phases of every project.

So what has really changed for us in those first 100 days? A lot, so I will only mention what gives our team the biggest headaches:

  • Events: have your event invitations also become much harder to handle? We are now asking invitees (wait? how did you get that list in the first place?) whether we can take their picture (welcome colour-coded lanyards and badges!) or mention their name in the participant list or whether we can re-use their details for other events and have to keep track of all this…
  • CRM: we have a whole new process around recording business cards; much more timely as we are each time on a tight deadline to let people know we are adding their details into our database and give them all the information they need to exercise their rights (comment to self: is this the first year our Xmas mailing database will be ready on time?!)
  • HR: we changed our process for sharing applications (by the way, we’re hiring and it’s great to work with us) as we need to delete those CVs and cover letters when we say we do… so we needed a way to centrally keep track.

The list is much -MUCH- longer: amendments to our contracts, audit of our suppliers, creation and update of registry, IT audit and policies, revamped privacy policy, overall change of mentality, etc. but I vowed to be short so I will spare you.

We asked a couple of associations in town what they struggled with the most when it came to becoming GDPR compliant and one (agri) trade association humbly admitted that merely understanding what they were supposed to do was “really hard”; not surprising given all the contradictory advice that were formulated at a time when no one actually knew how GDPR was going to be enforced.

And finally, we thought it might be fun to ask lawyers how they were working on their own compliance and giggled when one law firm was candid enough to confess they had put their own processes on hold to prioritise getting their clients on the right (fast?) track first!

What about you? How has GDPR changed your business routine? Leave us a comment to compare notes!