GDPR compliance is not straightforward. It is not a tick box exercise and is not something that you can "pass" and then forget. It fundamentally changes the landscape on how companies deal with personal data.
Personal data creeps into many aspects of the business and, because data is so portable, it tends to seep through an organisation. It has an unusual reach that companies need to get to grips with, not only in terms of where the data resides, but also how it is actually used. These flows need to be mapped and appropriately controlled on an ongoing basis, so that any system or process change takes into account how personal data is used.
Even though to many this sounds like an IT project, it is much wider than that, and a successful project will involve stakeholders from throughout the business as well as having senior management sponsorship.
With May 2018 getting closer and closer, it is time to get serious about GDPR compliance. This means not only establishing what legal measures need to be adopted in contracts and through consent etc., but also establishing how, where and by whom personal data is used.
The potential for massive fines under GDPR, let alone the damage companies face following any sort of data breach, means that GDPR should be a top priority for companies. However, with only 19% of UK companies having C-level executive involvement in the GDPR process, this is clearly not the case. This needs to change, otherwise companies will find themselves on the wrong side of fines, bad publicity and angry stakeholders!
UK boardrooms aren’t treating the General Data Protection Regulation (GDPR) with the seriousness required, resulting in overconfidence when it comes to compliance. This is the main finding of the latest research from Trend Micro, which surveyed over 1,000 IT decision makers from businesses across the globe. With GDPR less than a year away, businesses and marketers are required to protect all customer ‘personal information’. However, the research reveals that businesses aren’t sure which data this actually applies to.
http://www.netimperative.com/2017/09/gdpr-elephant-british-boardrooms/
