Integrity Languages

Blog

Signs of a GDPR Fakespert

By: Jonathan Downie    Date: April 26, 2018

Hello and welcome to the 2018 edition of The Millenium Bug. Today, we will be looking at GDPR fakesperts. What’s a fakespert? If an expert is someone who makes their money off the back of having real knowledge of a subject and helping people make effective decisions, a fakespert is someone whose only skills involve repacking generic advice into mega-courses, only available if you sign up for their mailing list (and pay £99.95).

With GDPR coming into force across the EU in May, there has been plenty of scope for real experts to make their mark (thank you Information Commissioner’s Office here in the UK) and for fakesperts to don their shiniest suits and sell their stuff.

How do you tell the difference? Here is a rather cheeky guide to what to look for in a GDPR fakespert.

  • Fakesperts conspicuously don’t mention availability of ICO guidance 

The first sign of a fakespert is that the sell themselves as the be-all-and-end-all, fountain of knowledge and never, ever mention their sources. Here in the UK, anyone who doesn’t mention that the best and fullest information is found on the ICO website is likely a fakespert. The real experts will mention the ICO and sell their services as distilling the screeds of ICO advice into simple, easy-to-apply practices for your business.

  • The closest they have ever been to SARs is feeling out of breath once

This is a bit of a data protection in-joke. An SAR (Subject Access Request to give it its Sunday name) is a request filed by someone who wishes to know what personal information an organisation holds on them. At the moment, they cost £10 in the UK and, depending on the organisation can cost much, much more to actually do.

If someone has never seen, much less had to manage SARs, it is likely that their expertise in data protection law and GDPR is more theoretical than practical. Even though SARs are thankfully rare, you probably want someone who has had the “joy” of helping a company through the existing legislation to help you through the new rules.

  • Until last week, they thought the ICO were the people who ran the Olympics 

A proper GDPR expert will know the name of the organisation responsible for data protection in your country and will definitely be familiar with their materials and guidance. If, for example, they get them mixed up with the governing body of an event where people win medals for the marathon, they will not be helpful to you in the long run [pun intended].

  • Their only training is a £29.99 course, which they are now repackaging into a £99.99 expert briefing 

GDPR is complex. It’s principles are relatively straightforward but their application is varied and depends on so many factors that it makes your head spin. Real GDPR experts, even if they haven’t yet led a company through existing requirements, will have spent days trying to get their head round the relevant laws and their application to your country.

The best of the best will already have a background in a role that would have involved expertise in existing legislation. They might be accountants, info security managers, data protection officers, lawyers or something similar. Sometimes, there might be someone in your specific field who has done their homework but it will pay to make sure that they are getting their training from the right places.

  • They are happy to sell you generic advice but won’t even consider coming to your office to help out in person 

A few bullet points with platitudes about “keeping records up-to-date”, “having clear opt-ins” and “getting a good privacy policy” aren’t enough for you to make the right decisions. What might those general principles mean to you? How do they apply in your situation?

It’s likely that you need a helping hand, rather than a teacher’s blackboard. If the most you can get from someone is a smart-looking video and a 5 point plan, keep your credit card in your pocket. At very least, you will need someone who can give you specific answers to you specific questions, even if those answers are “we don’t know yet.”

Just as the Millenium Bug turned semi-decent programmers into megabucks consultants, there is a real danger that GDPR will turn fly-by-night operators into Data Protection Gurus. I am anything but a GDPR expert. I am a consultant interpreter. But together we can make sure that we bypass the fakesperts and spend cash wisely on getting the advice and help that will not only ensure we pass the legal checks but run a much more streamlined, efficient business.

Leave a Reply

Your email address will not be published. Required fields are marked *