There are so many flights of steps* to GDPR compliance being publicised currently, all with valid guidance, but missing that little something – history. However, there have been 12 tried and tested steps in circulation for around 70 years, and with some modification, the Alcoholics Anonymous approach has some surprisingly appropriate parallels. So, without any desire or intention to belittle the AA mission, but rather to walk along a well-trodden pathway, I would like to introduce myself:
My name is Russell and I am a personal-dataholic; I have been for 34 years. I, and my organisation:
- Have admitted we were users of personal data and that our processing needed proper reflection
- Came to appreciate that powers greater than ourselves are setting the rules (the EU, government & supervisory authority)
- Made a decision to turn our attention to compliance with the General Data Protection Regulation (GDPR)
- Made a searching and fearless inventory of personal data and its impact
- Admitted to ourselves and to our data subjects the exact nature of our processing, securing the proper consent
- Were entirely ready to tell the supervisory authority of any data breaches we have suffered
- Humbly asked the supervisory authority for guidance and help in implementing change
- Made a list of all persons we have data on and ensured that they are aware of the processing
- Made immediate amendments to such data wherever requested, except when to do so would make compliance with other regulations impossible
- Continued to review our training, processes and data, promptly fixing anything that was wrong
- Sought to utilise tools which make achieving and remaining compliant easier and transparent
- Having had a professional awakening as the result of these steps, we tried to carry this message to other personal-dataholics and to practice these principles in all our affairs
The governance and processes surrounding your organisation’s management of personal data truly deserve proper consideration and thought – maybe these 12 steps could be part of your journey.
* See also (in number of steps order, after the ICO!):
- Information Commissioner’s Office Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now
- BSI 20 steps to GDPR compliance (‘free’ download)
- Harrison Clark Rickerbys Preparing for the General Data Protection Regulation (GDPR) – 10 Steps for Schools
- Information Age 6 steps to GDPR compliance
- SAS 5 steps to sustainable GDPR compliance
- IBM Countdown to GDPR: are you ready to create opportunity from change? (3 steps)
And for completeness: Alcoholics Anonymous 12 steps
See also: A History of Alcoholics Anonymous