PREP: 5 MINS
EASY: NO DATA PROTECTION EXPERIENCE REQUIRED
COOK: UNTIL READY, LIKELY 25th MAY 2018
SERVES: ALL SIZE COMPANIES
1 decision maker (minimum) willing to listen
½ tbsp small talk (optional: another ½ tbsp for garnishing at the end)
200ml content about the GDPR
2 tbsp scaremongering
1 (at least) product to sell
1 (at least) way of communication e.g. mobile phone or email
1. Introduce yourself to the relevant decision maker and mention GDPR to gain interest. You can do this using the method of your choice (e.g. via phone call or email).
2. Sprinkle in a bit of small talk to soften the conversation. Be sure not to add too much small talk, as this will spoil the flavour.
3. Pour out the relevant content about the GDPR to show some knowledge and credibility. Then, add in some scaremongering for enforcement.
4. Heat up the conversation up a little by introducing ‘X’ product or service to sell. Make sure you do not overdo it, as you don’t want the conversation to burn.
5. Add in the rest of the scaremongering to complement ‘X’ product or service.
6. Let the conversation cool. Then, serve garnished with more small talk to ensure rapport is built (optional).
On a more serious note, although this is a light-hearted ‘recipe’ illustrating how some businesses may be trying to profit from the implementation of the new legislation, it is important to stay aware of what the facts are around the GDPR.
This is not to say that decision makers are easily scared and fooled, rather it is a way of highlighting that we should stay aware of the differences between those who have their facts straight, and those who are trying to make a profit. Scare tactics do not help anybody progress and not everything you hear or read about the GDPR is true. If we all believed everything we read or heard, that would be a recipe for disaster!
Crucially, misinformation poses us with the risk of losing sight of what the new law actually is. It is true that large fines and a loss of reputation are potential results of non-compliance. However, let’s not ignore the fact that the GDPR has not been put into place to penalise organisations, but instead the aim is to give control back to citizens around their personal data, as well as increase transparency and accountability.
Essentially, people are at the heart of the GDPR. Whether it be employees, business owners, or clients, the GDPR relates to personal data. Nevertheless, this should not be unfamiliar territory. The GDPR builds on what businesses should already be abiding by in the Data Protection Act.
Our “DPA vs GDPR sheet” may be useful in helping you identify some of the key differences.