Interview: Separating GDPR myth from fact with InfoSaaS

Changes to existing data protection regulations are very close now. In just a few months the law will change and companies who process personal data – that is, virtually all of them – will have to be compliant with a new regulation (the EU General Data Protection Regulation) which has amongst its aims the protection of the general public’s personal data.

It’s sent people into a rush to get things in place before the deadline and organisations – many of whom deal with mountains of customer data on a daily basis and rely on it simply to do their business – into a frenzy of activity as they attempt to understand and potentially update the way their personal data processing activities work.

As we get closer to the introduction date things are becoming clearer, but confusion is still a major issue for many. There are myths and misinterpretations, and it can be hard to separate them from the facts in hand. Indeed, in times of confusion, there are always unscrupulous actors who will want to cash in on uncertainty. There’s an entire market which has emerged around ‘helping’ scared businesses. When it comes to GDPR – which threatens non-compliant businesses with huge fines up to 4% of their global turnover – the focus on the negative is particularly large and colours people’s perceptions of the underlying issue.

A last-minute rush to try and get everything done before the day GDPR becomes enforceable is clearly the wrong approach. It has been tempting for many, when the due date is far enough in advance, to simply worry about it later. For many, the power of a deadline is not in the time it allows you to properly plan and prepare, more its ominous presence looming larger and focusing the mind. And it’s now just over two months away.

Abeed Janmohamed, Commercial Director of InfoSaaS Limited, which focuses on helping businesses to understand and achieve their information security and data protection objectives, notes:

“The threat of the 4% fine is clearly concerning people, but that’s a headline number designed to make sure people are taking this step change in data protection seriously, and it’s primarily focused on the serious offenders – those who ignore all warnings and proceed with non-compliant or illegal personal data processing activities regardless. The key is being in a position to show that your organisation has the right processes in place, has deployed effective technical controls and has a compliant workforce and supply chain. It’s certainly important not to be breaking the law when it comes into effect, but this is about the way in which you and your business approach the protection of personal data for the long term”.

GDPR isn’t about changing overnight to a new system under a new law; rather, this is the time when businesses should be concluding their arrangements, as we’ve known for many months that GDPR is on its way. Janmohamed continues:

“It’s worth remembering that GDPR brings us into the 21st Century, replacing somewhat updated legacy legislation that did not foresee the modern, digital world when it was originally created. With so much personal data being shared and transacted on-line, it’s a tricky task understanding exactly where it is at any point in time, which external parties it has been shared with, and who has access to it. Only once we understand all these things, and have managed the associated risks, will we be able to earn the trust of the citizen”.

For the sports industry and sports organisations and clubs, that will be challenging given the amount of data that, for example, a football club will have been capturing and storing about its fans. It also extends to grass-roots sports, where the data of participating children will need to be the subject of special care, and that is likely to be a challenge for the smaller clubs, run on a voluntary basis and playing in a Sunday league.

It’s these organisations where help is most needed and appreciated. Using a secure, online assessment service such as “GDPReady” from InfoSaaS will provide a clear view of the steps that need to be in place to ensure full compliance with the Regulation. By becoming compliant, and being able to evidence this, you will be keeping on the right side of the law, and equally importantly earning the trust of citizens by ensuring the safety of their personal data.
