Skip to content

My musings on GDPR

March 16, 2018

The new GDPR regulations will “require organisations to become more accountable in protecting the privacy rights of individuals.”  I think that’s brilliant, I really do.  I’m all for it as an individual and a business owner.

And that’s handy because I have to comply with it.

But honestly is it aimed at me?  Well yes in that I run a business where I collect and process data, but no in the sense that I am already committed to an ethical code of practice and I honestly wouldn’t dream of using data in an unethical way on purpose or for personal gain.  I can’t be sure I’m faultless on this one, but any errors I make are not deliberate.  Research is all about the comfort of the respondent and I wouldn’t do it any other way.  The thing is, some companies would do it another way.  Some companies would buy or sell or steal your data.  Some companies have sugging and frugging and spamming and phishing and scraping and general blagging at the core of their business model.  That’s not me.  I’m a sole trader trying to provide a really high standard of ethical service to charities.

So I’m just small fry doing my best to comply with rules that have been written to slap down the naughty big boys.

I’m a few weeks in with getting GDPR-ready and here’s my critical thoughts in the spirit of sharing:

  • GDPR assumes that I want to identify people from the information I hold.  I don’t.  I don’t need to and I actively try not to.  But it doesn’t seem to acknowledge that as a possible starting point, which makes some of the more complex elements either irrelevant or confusing.
  • Having spent a bit of time on GDPR already, well that’s a cost to me. Time is money and I’m a part time sole trader.  If I’m doing this I’m not earning.  And a lot of it seems like busywork – documenting this and that and probably no-one will ever look at it.
  • It does feel a bit like overkill. I’m not entirely sure that data subjects (i.e. real people) want to read the screeds and screeds of information I have to give them before they start a survey or interview.  I hope I (and indeed the rest of my fellow European research colleagues) can do it in a way that doesn’t put people off participating in research.
  • I’m going to be jointly responsible for this along with my clients. Some of my clients are tiny little organisations.  Many are lacking in time and money.  They don’t all have paid staff!  I hope I will be able to work out a way to do this that helps my clients to comply with GDPR without scaring the living daylights out of them.

That’s my first thoughts.

But there’s no question that I will do my best to comply with this new regulation, and encourage my clients to do the same.

And I kind of don’t mind it.  I want to be ethical, I love a good template, and I get a certain pleasure from finding efficient ways of working.

So… we’ll see…


No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: