It is impossible to ignore the momentum behind the General Data Protection Regulation (GDPR) compliance requirement. It stimulates many process, information governance and security-related discussions as it swings between saint and sinner in the minds of legal, business and technology-based personnel. May 25th 2018 is the ICO-issued GDPR compliance deadline; however, Gartner believes 50% of organisations affected will not be compliant by the end of 2018 (Gartner, May 2017).
GDPR cannot and should not be considered a short-term fix but instead a pragmatic review and recalibration of security controls to effectively manage “EU” user-centric digital assets in the 21st century. It’s time to shift GDPR to a positive, business-enhancing consideration rather than a board-level topic of dread based on sluggish progress and hard-to-quantify expense. Expanding beyond “doing the minimum required” will highlight the fundamental relationship between consumer / user trust in a digital world and secure information handling. Few data assets can be more important to a user / consumer or the organisation than PII, given that it is the digital representation of the persona of an individual.
The relentless rise and rise of the digital economy is underpinned by confidence, trust and uncorroborated belief in a mass of interconnected IT systems that users / consumers cannot see and often have little access to. GDPR attempts to bolster that confidence by highlighting organisations that leverage good practices and deliver certainty to user-centric digital data processing and management elements to reinforce “trust” in a very fluid digital world. Now is the time to accelerate GDPR activities to realise the business and consumer benefits of compliance faster. This is unlikely to occur from hard work alone (though that is certainly required); it requires a reframed philosophical viewpoint conveyed to all involved in the GDPR working party of review and remediation.
The GDPR compliance team must be motivated and inspired to undertake their work with urgency, passionately volunteering regular stakeholder progress updates to the exec board – the importance of GDPR stakeholder information updates to convey the importance and ongoing benefits cannot be overplayed. GDPR progress bulletins will energise all involved in GDPR remediation with the knowledge that everything they do enhances the overall security posture of the organisation, delivers optimum management of user / consumer personal data assets and therefore improves both the internal and external company perception to a measurable degree.
These small changes will help to evolve the intellectual view of the GDPR from a compliance work programme to one of the most important consumer and business impacting information management activities in recent times. Serious stuff…
Until next time.
Chief Technologist: Networking, Security & Collaboration. Computacenter UK
Citation: 1 http://www.gartner.com/newsroom/id/3701117