I've been saying for a while that the hard deadline for GDPR is the 25th May 2018, and a lot of businesses are already making some moves towards full compliance by that date, but according to a few websites that posted about this during January 2018, more than half of businesses in the UK are still unaware of GDPR.
About half of businesses (of those that are aware) believe GDPR doesn't apply to them.
It's amazing to see that we live in a society where capturing personal data is absolutely everywhere, yet a low proportion of businesses are so outdated in their consent policy or even not seeking consent at all!
I had an experience with a well-known brand last week, where I was asked if I wanted the receipt to be emailed to me instead of giving me a paper copy. I was caught in a moment of weakness as I usually say no to that, and said yes. I'm not going to mention the company because it's not worth the hassle. I got my receipt as I expected, and less than 24 hours later, I had a marketing email pushing a satisfaction survey from this brand, and my details were being passed to a third party. I can't think of a worse way of engaging a customer than that.
Not only did I get angry at the lack of consent but, having read and studied the upcoming GDPR regulation, I was shocked to see how out of touch this brand was with their marketing practices. This business did not ask me anything at all, not even at the till, if I wanted to be marketed to. Other businesses that send receipts via email have asked me in the past, so I know it can be done.
If you have not started working towards compliance, you should. If this is the case, it is unlikely you'll be able to get there on time, but this doesn't mean you shouldn't at least start edging in the right direction to get to a defensible position when the time comes.
Don't let yourselves be fooled by the myriad of companies out there that claim they are GDPR experts. At this moment in time, nobody is an expert in GDPR. We are all working on implementations that apply specifically to each individual company, as no two organisations are the same.
GDPR comes into force on 25th May 2018. Start working towards complying; don't leave yourself exposed.