A great article discussing strategies for GDPR from the Association of Corporate Counsel’s annual meeting. GDPR is becoming an increasingly important and urgent topic for organisations to deal with, especially given its wide-reaching impact - some aspects of which are set out below:

  • The onus is now on organisations to understand what data they have and to establish the legal need to hold and process it. This is especially relevant as data easily spreads around internal systems and shadow IT - particularly sales and marketing data. Most sales and marketing departments like to hoard data, keeping it for further analytics and for “just-in-case” scenarios even when it has no value. As GDPR requires consent and/or a lawful basis for processing, the scale of the problem of managing, maintaining or even deleting this information is only now coming to the fore.
  • The sheer size and scale of the recently reported data breaches is breathtaking. It shows that even with huge corporate budgets and a myriad of security professionals, mistakes do happen, and there are always criminal/state actors who will take advantage of them without remorse. It also raises the question of how much data any one company should hold, especially where it has the potential to cause severe damage to people’s lives, without oversight or regulation.

GDPR will help drive awareness within organisations of the what/where/why/who/when/how of their dealings with data. GDPR shouldn’t be seen as a beating stick, but as a standard to follow. This is especially relevant as more and more personal data ends up online. Organisations need mature governance programmes to ensure that they act responsibly with the information they hold or have access to, no matter their industry or location.

Are you ready?