GDPR - an expectation gap?
Many companies think that GDPR is an issue for the IT team alone. This could lead to misunderstandings with IT contractors, and to potential claims in the event of a data breach.
At a recent network review meeting with our own IT consultants, they mentioned that a number of their clients have asked if, as technology experts, they could make sure that the client business will be compliant with the new GDPR regulations when they arrive in May.
The discussion that followed concluded that, in the eyes of many business owners, GDPR is simply an IT challenge.
If the expectation of business is that GDPR compliance is the responsibility of IT staff and consultants, there is a very real prospect of disputes arising. GDPR is certainly about having the right equipment in place, but it also involves reviewing:
- data and business processes,
- legal advice on contract wordings and terms of business,
- corporate culture,
- staff knowledge and ongoing training on threats,
- consent or other legitimate bases for holding the data of others, to name a few.
IT workers should take great care to discuss any potential expectation gap with clients. Any mismatch between the freelance services intended for delivery and the outcome sought by the client might well result in a costly claim unless care is taken. Written records of any such discussions are vital in the event of a dispute arising.