Like most UK business leaders, I continue to scratch my head about the current Brexit process. Whatever side you came down on, the lack of clarity, the messiness of the negotiations and ultimately the lack of agreement between our political parties on our future relationship with the EU, defy understanding. Let’s just say if Brexit was a business, it’d be bankrupt long ago.
Earlier this year we were faced with another landmark European issue, General Data Protection Regulation or GDPR. Unlike Brexit, its meaning was clear, its parameters were defined and the penalties for non-compliance were significant. Regarding the latter, the potential of a fine of 4% of global turnover or 20 million euros (whichever is the higher) certainly brought home to me the importance of getting it right.
Although Gibbs Hybrid has now extended into different business areas, notably outsourcing and consulting, we had our origins as a recruitment firm, and still have a thriving total talent management business unit. This means we hold thousands of resumes, collected for client engagements over the years. Whereas up till this year our systems were in place to keep them secure, as of May we had to take a significant additional step. In order to comply with GDPR we had to contact many of those people whose resumes we held and ask them if they wanted us to continue to keep their information in our files.
This was a large project for our company, and I’m happy to say that the vast majority of those who responded trusted us to store their information, since we provided them with a transparent notice setting out how we comply with the legislation.
What does this have to do with Brexit, you ask? Aren’t such ponderous European laws going to go away in Britain’s brave new world of freedom and flexibility next year? The short answer is no. GDPR is now, along with much of the European regulatory framework, enshrined into the British system, and the government has guaranteed that it and other regulations will be maintained.
As we have a strong legal team in place at Gibbs Hybrid, we felt well prepared for the introduction of GDPR and its additional workload. We had, additionally, made sure that all of our staff formally understood the implications of the regulation when handling personal data.
However, GDPR is like a smoke alarm in your home – it’s not enough to install it; you’ve got to make sure the battery is fresh and the alarm is tested regularly. Our experience tells us that GDPR is a moving target and we need to be very aware of how it overlays our business day to day, from handling new personal data to responding to external requests to be forgotten and maintaining general databases.
Based on our experience, I would suggest three courses of action for GDPR:
1. Appoint a team, and make it accountable for compliance
2. Don’t be afraid to invest in external legal, accounting and compliance counsel
3. Work closely as a company leader with your compliance team, so that they understand corporate directions and can adjust and advise accordingly. The complexities of opening a new business in a non-EU country and moving EU nationals’ data to and from that country, for example, need to be addressed up front, rather than when the regulator knocks on your door.
I must say that I am heartened at the commitments that have been made by the terms of the recent withdrawal agreement, which if agreed and ratified, will make sure that there is no interruption to cross border data flows.
Above all, now is the time for all of us to be very aware of the business and political environment, and of public sentiment. Every day there are events that can impact our business.
Now more than ever it makes sense to know your local MP, and let them know your views, read the national and international press and understand what new world, and new Britain, is being shaped in front of our eyes.
Farida Gibbs is CEO of Gibbs Hybrid. She was recently awarded Businesswoman of the year by MSDUK. She has been named among the 2018 150 Global Power Women in staffing by Staffing Industry Analysts.