GDPR can be more than just bureaucracy
For months the media and entrepreneurs have been bombarding us with news of the impending bureaucratic nightmare that has come to be known by the acronym GDPR. Without any type of simplification of the issues associated with this European regulation, we consider it apt to note that entrepreneurs need not stress about any bureaucratic or demanding process involving the new rules for personal data protection if they take the right approach. This is primarily due to the fact that the underlying approach to the legal protection of personal data has not changed significantly. Often there is simply no need to complete expensive training that brings nothing new to the table.
And just what is the correct approach? It is primarily about being familiar with the operation and corporate structure of the company. You’re already ahead of the game if you are endowed with such knowledge. The first step is to complete a deliberate review of the organisation of personal data covering three basic questions: what kind of personal data do we handle, why and how? Without such a basic level of knowledge, any investment into know-how and the implementation of the specific rules required under the GDPR will simply be a waste of your time, money and nerves, which will certainly give you the impression of another unnecessary bureaucratic burden.
Since we already know the answers to the questions posed above, we can help you properly come into compliance with the rules required under the GDPR without any fear of punishment for introducing more stringent measures than are actually required. The introduction of more expensive and demanding measures is a frequent occurrence that represents a common source of irritation for entrepreneurs.
For instance, the GDPR requires that suitable organisational and technical measures be deployed to protect personal data, whereby the suitability of the specific measures must be evaluated on a case-by-case basis in relation to the risk that such processing poses and the consequences if such protection is compromised. We’ve even heard that the GDPR requires that offices be equipped with new locking furniture. This is of course not a general rule and always depends on the assessment to determine the appropriateness of such a measure. Locking an office door may be a sufficient solution in such case. A suitable benchmark when interpreting GDPR requirements is to draw a parallel to the approach taken to protect a company’s own property.
Entrepreneurs who know their company well will have an easy time of complying with their obligations under the GDPR. Entrepreneurs who need to learn about the wandering path of personal data in their business as a result of GDPR may use this opportunity to conduct a useful and necessary thorough cleaning inside the company which otherwise they simply would lack the time and energy to undertake.
So, ladies and gentlemen, remain calm, put on your gloves and get to work. Your lawyers.
P.S. We’d be happy to lend you our law firm's broom to help assist you in your clean out.
