Ghost Stories/ GDPR with JCBCs

When it comes to IT I have opinions on a lot of things. To use the car sales analogy, I can sell you a 2 litre saloon, but I do not need to know how an internal fuel combustion engine works, and the technical difference between a 2 litre, and a 1.6 litre engine. One is just stronger.

This Ghost Stories guest is different to me. I have never in my life come across a person with such a huge and in-depth knowledge of the IT universe. I have known Justin Bentley for a few years now, and he has always been on the end of the phone for me. If any of my clients had questions about their IT hardware or software, I’d simply call Justin, and was sure I’d get the appropriate answer.

Then along came May 25th 2018. GDPR day!!!

We didn’t know what we didn’t know about GDPR. Panic started to set in from all sides. Are we compliant, can we be compliant? Do we get a certificate? Is our data safe? The list goes on, and on, and on.

I decided to take the bull by the horns, and went on a training day with Justin at Crumlin Road Gaol. Training on GDPR. Not only to help me, but to help my clients too. I was surprised how intense, and insightful the course was, and was glad I attended.

The Chat

It is sometimes difficult when one is discussing a subject with an expert in that subject. Acronyms can be used, and as a result confusion can take over. Out of sheer embarrassment we sometimes don’t ask what GDPR means really. Justin is different. He is acutely aware of how much he knows, and thankfully speaks to people who are not as aware in a language they can understand.

It was an open discussion and those in attendance were clearly there to learn. In fact one of the attendees (Scott Stevenson) is a data security advisor. This was a welcome addition, as anything that was advised during the chat was seconded. I brought up the whole tin-foil hat, conspiracy theory agenda, and the facts were explained to me in a way that dispelled this.

We discussed cold-calling, prospecting, marketing, buying/acquiring data bases of contacts. How we can approach potential customers in a way that does not get us in trouble. Social media dos and don’ts, photographs, customer logos on our websites etc. At every turn Justin answered the questions, and offered advice.

What we learned

  1. You cannot be GDPR compliant, it is a constant journey.
  2. GDPR is not there to hamper us in business. It is there to make us better, and respectful to potential clients.
  3. Sign in sheets is a breach of GDPR (Google GDPR sign in sheets).
  4. Everyone should have a VPN on their system. (IP Vanish was recommended)
  5. Before publishing public event pictures, the people in the background should be blurred, if no consent is given.
  6. The phrase “Legitimate Interest” is being used out of context.
  7. Before cold-calling it is prudent to check if your prospect is on either the Corporate Telephone Preference Service (CTPS), or the Telephone Preference Service (TPS). If they are, you cannot legitimately call.
  8. Check on the ICO website ( to see if your business needs to register. If it does, then register.
  9. For marketing purposes, adding prospects to your data base cannot be done unless you have an appropriate basis for doing so for which that person is fully aware!
  10. Microsoft 365 is an excellent solution, but nowhere is utterly safe for your data.
  11. If you website is not https and you have a contact form, you are in breach of GDPR.
  12. Your business privacy policy cannot have the words “might”, “can” or “could” in it.
  13. Within the next 6 months Goggle Analytics on your website might be a breach of GDPR. Your website will need an opt in button in order to use GA. The user cannot be asked to opt out. They must give consent.
  14. Showing your work ID badge on social media is a bad idea as you are giving away personal details that can be used against you.

Thank you so much Justin

Leave a Reply

Your email address will not be published.

Just a sec