Personal-Data-holics Anonymous – the 12 steps

There are so many flights of steps* to GDPR compliance being publicised currently, all with valid guidance, but missing that little something – history.  However, there have been 12 tried and tested steps in circulation for around 70 years, and with some modification, the Alcoholics Anonymous approach has some surprisingly appropriate parallels.  So without any desire or intention to belittle the AA mission but rather to walk along upon a well-trodden pathway I would like to introduce myself:

My name is Russell and I am a personal-dataholic, I have been for 34 years.  I, and my organisation:

  1. Have admitted we were users of personal data and that our processing needed proper reflection
  2. Came to appreciate that powers greater than ourselves are setting the rules (the EU, government & supervisory authority)
  3. Made a decision to turn our attention to compliance with the General Data Protection Regulation (GDPR)
  4. Made a searching and fearless inventory of personal data and its impact
  5. Admitted to ourselves and to our data subjects the exact nature of our processing, securing the proper consent
  6. Were entirely ready to tell the supervisory authority of any data breaches we have suffered
  7. Humbly asked the supervisory authority for guidance and help in implementing change
  8. Made a list of all persons we have data on and ensured that they are aware of the processing
  9. Made immediate amendments to such data wherever requested, except when to do so would make compliance with other regulations impossible
  10. Continued to review of our training, processes and data, promptly fixing anything that was wrong
  11. Sought to utilise tools which make achieving and remaining compliant easier and transparent
  12. Having had a professional awakening as the result of these steps, we tried to carry this message to other personal-dataholics and to practice these principles in all our affairs

The governance and processes surrounding your organisation’s management of personal data truly deserves proper consideration a thought – maybe these 12 steps could be part of your journey.

* See also (in number of steps order, after the ICO!):

And for completeness: Alcoholics Anonymous 12 steps

See also: A History of Alcoholics Anonymous

How Gydeline helps

We, at Gydeline, help small and medium sized organisations save money and time by building systems, processes and policies that simplify their business and support their sustainability aims.  We do this with a range of services.

If you would like to discuss any aspects of dealing with this and other risks in your business we are always happy to offer some, free, no obligation assistance – just contact us.

Related Posts