Then imagine what would happen if the standard scale of speeding fines were to be repealed and replaced with a fine of up to £17 million or the confiscation of one’s car or home or the threat of bankruptcy. Half of all motorists would rise up in rebellion and the other half would be too frightened to drive anywhere anymore.
This sounds fanciful but it is exactly what seems to have happened with the new GDPR regulations. In 37 years in business, I have never seen legislation that has caused such confusion, fear and blind panic and I am astonished that so little has been written about the subject in the national press.
Everyone agrees that spam emails are a nuisance in the same way that everyone agrees that our roads should be made safer, but the words “sledgehammer to crack a nut” do not begin to describe the GDPR regulations.
According to The Times, three-quarters of all UK businesses have failed to correctly implement the regulations, many still have absolutely no idea what is expected of them.
If 75% of businesses are not GDPR compliant, it’s unlikely that you will be the first to be fined £17million.
I have done everything I can to ensure that my own business is compliant but it has been extraordinarily difficult to find credible advice on how to do so. The compliance company that we use for other matters have said that they are not able to offer advice on GDPR because they were unable to obtain PI cover due to the vagueness of the legislation and the absence of any case law.
Another company, recommended by a big client, wanted to charge £8,000 plus VAT for a review of our procedures. I asked for a summary of what the review would involve – they were not able to provide one.
Many clients have received appalling advice. One has half a million client records on a bespoke CRM database – a priceless archive of data which produces several million pounds of business every year via a carefully designed campaign of emails, letters, news articles, invitations to cultural and sporting events and calls from a well trained telesales team.
In the run-up to GDPR, they sent everyone three opt-in emails then deleted the records of everyone who did not respond – well over 90 per cent of all the people on the database. Redundancies will inevitably follow. This cannot be what the legislation intended and is certainly not my understanding of what the new regulations require.
This is not the only example of people overreacting. My local garage, which we have used for years, wrote to me to say that unless I replied to their opt-in email, they would no longer be able to send me reminders of when my next service or MOT was due. So as a direct consequence of GDPR, I could forget to book my next service, have my brakes fail and then kill some innocent pedestrian just so that my privacy is not compromised. The garage owner has misunderstood the legislation but he is a mechanic, not a compliance expert, and his confusion and fear is perfectly understandable.
So, what should you do to protect your business from the appalling consequences of this legislation? The most important advice is don’t panic. If, as suggested, 75 per cent of all businesses are not GDPR compliant, the chances of your estate agency business in the middle of nowhere being the first business to be fined £17 million is remote.
The second thing is not to be bullied into spending large sums of money with the companies that have set themselves up as GDPR experts. Most are not offering any advice that you cannot find for yourself by spending thirty minutes on Google. Most of the things that you need to do immediately, such as putting a data protection policy onto your website, can be done easily and cheaply without external advice.
Thirdly, apply common sense test to everything you are told. Our usually honest and reliable IT company wrote to me to say that I would (not “may”, but “would”) be fined £17 million if I did not pay them a hugely inflated rate for making minor changes to our website before the deadline. We got the work done elsewhere for less than 10 per cent of what they quoted.
Finally, be patient. Over the coming months, the legislation will be clarified and case law will be established. Once we know more details of how the legislation is to be interpreted and enforced, we will all be able to make more rational decisions on how to deal with the legislation without destroying our businesses in the process.
Adam Walker is a business transfer agent and management consultant who has specialised in the property sector for more than 25 years.