This is often the first thing that is said (after the introductions)
when I go to companies to talk about GDPR and frequently I don’t know
what to say.
Let’s start with data protection. It all started about 16 years ago
when I was put in charge of data protection for a charity I was working
for. I have to admit it was like the blind leading the blind. I didn’t
have a clue and data protection seemed to be contradictory and
confusing. Luckily I got some training and then a few years later I took
the BCS exams for Data Protection Officers. This was enlightening, it
all started to click into place. I kept up to date with the new things
and because I only worked for the charity part time, word spread that I
would help other organisations with their data protection practices.
Work came in by referral. Then GDPR appeared and there was a whole lot
more to learn and decipher and more organisations needing support and
advice.
In addition to my data protection qualification, I have been an
internal auditor for nearly 30 years, so I know how to look for
information, ask people how they work and create effective process
improvements. I’m also a qualified Institute of Leadership and
Management Level 5 Coach and Mentor, a member of the Association of
Accounting Technicians and earlier this year completed the Institute of
Risk Management Exams.
So how do I work? First up, I don’t claim to be an expert on GDPR, at
this time nobody is, there are too many unknowns about how the
legislation is going to be interpreted but I do have 15 years experience
actually working with businesses to support their data protection
practices. I don’t believe in making things onerous, if there is a
straightforward way of doing things I will choose that, why
overcomplicate it. I don’t use the jargon or recite the articles or
recitals, you’ll get the plain English version from me. I also believe
that data protection compliance shouldn’t be an add on but should be
part of the way you do business, it should be embedded into your
business practices. I believe that every member of staff should have
basic understanding of the Data Protection Act and GDPR, it shouldn’t be
one persons responsibility. Its too difficult to make one person
responsible for a whole organisations data protection practices and it
means frequently that people negate responsibility because it is
“someone else’s job”.
My aim is to create the right solution of each business I work with,
it’s not about you fitting to the legislation but how the legislation
fits your organisation, your business strategy, your aspirations.
With GDPR as the new “Y2k” for consultants and every Tom, Dick and
Harriet jumping on the bandwagon, there is lots of choice for
businesses. Many people have read the legislation and know the law, but I
know that and how to implement it into a variety of businesses.
Companies work with me because I have a pragmatic approach, can
implement cost effective solutions, manage the changes required and I
have experience in a variety of industries.
If that sounds like someone you want to work with, then I would be very happy to talk GDPR with you.
No comments:
Post a Comment