As a business owner there was a lot of fear around the new GDPR regulations that were enforceable on the 25th of May 2018. It’s not like we didn’t know it was coming – it was adopted on the 14th of April 2016. As GDPR is a regulation, not a directive, it is directly binding and applicable, but does provide flexibility for certain aspects of the regulation to be adjusted by individual member states.
There was a frenzy of fear on the build up to it. Kind of like Y2K back in the day and more recently Brexit (seriously!?). Lots of businesses were not prepared unfortunately and found themselves on the back foot. Also, there was a lot of conflicting information available which lead to confusion which ultimately lead to more fear. GDPR consultants are emerging and a new industry has formed – more power to their elbow if they actually know what they are talking about. There is plenty of money to be made through fear.
The intention behind GDPR is: A legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU).
GDPR sets out seven key principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
Sounds good, right? Sounds like it is fair and protects everyone, yes?
Well not really when these principles are used in reverse.
Let me tell you a story.
Our business has done really well in the past year and myself and my team are extremely happy in all we have achieved in helping people and businesses on their journey to becoming the best possible version of themselves.
As a result we felt it appropriate to put ourselves forward for an award. It was an actual competition against other companies with external interviewers. The process was rigorous and demanding however the body we were dealing with were painfully professional and it was clear from the outset that they knew what they were doing and took their position very seriously. I might add, no money or donations were requested to be part of this – just to cover the cost of the dinner at the event itself if we were lucky enough to get to the final. We did get to the final. We won. Happy days! We were over the moon!
Roll on a couple of weeks and I started to become inundated with emails from other ‘awarding bodies’ claiming that I had been put forward for an award by my ‘community’. Initially I was enamoured and if I AM honest a little bit chuffed with myself (for about 20 seconds I might add!). And then I did what I always do in all situations – I picked up the phone (mobile number, no landline) to ask questions. i wanted to fully understand how I had found myself in this very fortunate position of becoming a finalist, having not gotten wind of any of this – it all sounded so covert. Like a surprise I suppose from people I have helped or my friends. Imagine, could I be that lucky? (AKA naive!).
This is where it all went a bit sour.
I introduced myself and asked who I was speaking with. The person on the other end of the phone would only give me their first name. I told them that I was humbled to be nominated by my ‘community’ for ‘Most Inspirational Woman of The Year Award’. I asked who had put me forward for the award and the response was, “Are you questioning our credibility?”. They went on to list the names of Irish celebrities who were involved in the event the previous year. They also indicated that I would be encouraged to purchase a table of 10 to attend the event. Let’s just say, the tickets were pricey to say the least.
I never used the word credibility, however now that you have mentioned it, I AM! I asked how many people would have had to nominate me in order for me to have become a finalist. They told me that it was a minimum of 10 people. I asked who they were and the response was, “We are bound by GDPR regulations and cannot divulge that level of information to you to protect them. Everything is above board and we are completely transparent”.
Are you? Are you reaaaallllllyyyy???????????
I ended the call. You see what this person doesn’t know about me is, I have a really tight knit ‘community’. We actually do operate from honesty, openness, trust, transparency, congruence and zero judgement. So I gave her the benefit of the doubt because I knew that I would find out pretty quickly if this was true that I was put forward by 10 of my community.
I put a shout out to my inner circle to see if it was them. The response was, “Never heard of them, Nic”.
I went to level two.
The response was the same. I even went as far as some long-standing clients who I know very well. It wasn’t them either.
I called this ‘Awarding body’ back on their mobile number many times. No response. I emailed them numerous times. No response.
This went on for weeks. Now I can’t stand an injustice or anyone trying to pull the wool over another person’s eyes so I wasn’t impressed.
I sent a very strongly worded email explaining that I could not find one person in my life who had nominated me for this award and that I was starting to become suspicious about it.
Oh, I got a call straight away after that! A very angry person shouted down the phone, “Do you want to be removed from our awards!?”. I said, “Yes, on the basis that your values are not in alignment with mine”.
Their response was, “FINE!” and they hung up abruptly.
And that, my friends, is the dark side of GDPR.