Meeting the GDPR deadline: Don't panic, and show your working

With less than a month to go, many organisations are expected to remain non-compliant

EU flag flying

"I love deadlines. I love the whooshing sound they make as they fly by."

So said Douglas Adams, late on delivering a book, and I'm quoting it now while running late delivering an article.

In a turn towards the meta, this is actually an opinion piece about another deadline - and one that's nothing to do with publishing.

That's right, GDPR is less than a month away, painting a future fraught with risk or ripe with opportunity, depending on your outlook.

From 25 May, the EU's General Data Protection Regulation will apply to all organisations large and small, public and private, that hold or process the personal information of EU residents.

In the business world, projects can often overrun and timelines can change in tune with the commercial priorities and time constraints we all work within, but this is one deadline that can't be moved.

So obviously you must be well on your way to compliance by now, right?

Apparently not. The latest flurry of figures suggest that many businesses are nowhere near being prepared for the new legislation's demands that they re-establish a legal basis for using people's data (whether that's consent or otherwise), are able to quickly respond to subject access requests, can delete people's data if asked to and much, much more.

Analytics firm SAS reports that 46% of UK and Irish companies won't meet the deadline, and found that only 7% of businesses the world over are fully compliant, according to a snap survey of 183 business people it conducted.

Meanwhile, data protection lawyers predict that there will be plenty of non-compliance following the deadline, and our former CTO tells me that "given incumbent IT systems it could take decades" for any company that's not a tech giant to reach compliance.

So what does all this mean for your organisation? Well, firstly, don't panic. Hopefully, you're some way along your compliance journey, even if you're not going to make the deadline.

The UK data regulator, the Information Commissioner's Office (ICO), will likely spot most non-compliance through data breaches, and it'll look to audit these companies' data protection measures first.

A huge part of GDPR is all about promoting good practice in the event a breach happens: informing the regulator of an incident within 72 hours and customers without undue delay.

Most lawyers and industry experts agree that the ICO will come down heavily on breached organisations that cannot demonstrate that they are trying hard to comply with GDPR, even if they're not quite there.

You're far less likely to suffer a significant fine if you can share solid documentation of the GDPR-compliant processes you've implemented, and show a detailed roadmap of achieving anything that you haven't finished yet.

Other than that, make sure everyone in your organisation understands the role they play in helping achieve GDPR compliance, promoting common sense practices such as not sharing customer data with external parties or storing it on private cloud storage accounts.

On a macro level, ensure you understand what data your organisation has, why it has that data, and how that data is processed.

The next step is to make this clear to customers, who have new rights to access the data you hold on them. You should ensure you store their data in a way that makes it easy for customers to access and amend their data if it's out of date, and in a way that lets you delete their data if they ask you to.

And remember that once you get beyond simply complying with GDPR, there's plenty of benefits you can begin to realise, from improving customer trust, to streamlining what data you collect and minimising the risk of breaches.

Image: Shutterstock

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020
ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020