Meeting the GDPR deadline: Don't panic, and show your working

With less than a month to go, many organisations are expected to remain non-compliant

EU flag flying

"I love deadlines. I love the whooshing sound they make as they fly by."

So said Douglas Adams, late on delivering a book, and I'm quoting it now while running late delivering an article.

In a turn towards the meta, this is actually an opinion piece about another deadline - and one that's nothing to do with publishing.

Advertisement - Article continues below

That's right, GDPR is less than a month away, painting a future fraught with risk or ripe with opportunity, depending on your outlook.

From 25 May, the EU's General Data Protection Regulation will apply to all organisations large and small, public and private, that hold or process the personal information of EU residents.

In the business world, projects can often overrun and timelines can change in tune with the commercial priorities and time constraints we all work within, but this is one deadline that can't be moved.

So obviously you must be well on your way to compliance by now, right?

Apparently not. The latest flurry of figures suggest that many businesses are nowhere near being prepared for the new legislation's demands that they re-establish a legal basis for using people's data (whether that's consent or otherwise), are able to quickly respond to subject access requests, can delete people's data if asked to and much, much more.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Analytics firm SAS reports that 46% of UK and Irish companies won't meet the deadline, and found that only 7% of businesses the world over are fully compliant, according to a snap survey of 183 business people it conducted.

Meanwhile, data protection lawyers predict that there will be plenty of non-compliance following the deadline, and our former CTO tells me that "given incumbent IT systems it could take decades" for any company that's not a tech giant to reach compliance.

So what does all this mean for your organisation? Well, firstly, don't panic. Hopefully, you're some way along your compliance journey, even if you're not going to make the deadline.

The UK data regulator, the Information Commissioner's Office (ICO), will likely spot most non-compliance through data breaches, and it'll look to audit these companies' data protection measures first.

A huge part of GDPR is all about promoting good practice in the event a breach happens: informing the regulator of an incident within 72 hours and customers without undue delay.

Advertisement - Article continues below

Most lawyers and industry experts agree that the ICO will come down heavily on breached organisations that cannot demonstrate that they are trying hard to comply with GDPR, even if they're not quite there.

You're far less likely to suffer a significant fine if you can share solid documentation of the GDPR-compliant processes you've implemented, and show a detailed roadmap of achieving anything that you haven't finished yet.

Other than that, make sure everyone in your organisation understands the role they play in helping achieve GDPR compliance, promoting common sense practices such as not sharing customer data with external parties or storing it on private cloud storage accounts.

On a macro level, ensure you understand what data your organisation has, why it has that data, and how that data is processed.

The next step is to make this clear to customers, who have new rights to access the data you hold on them. You should ensure you store their data in a way that makes it easy for customers to access and amend their data if it's out of date, and in a way that lets you delete their data if they ask you to.

And remember that once you get beyond simply complying with GDPR, there's plenty of benefits you can begin to realise, from improving customer trust, to streamlining what data you collect and minimising the risk of breaches.

Image: Shutterstock

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement
Advertisement

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020