Meeting the GDPR deadline: Don't panic, and show your working

With less than a month to go, many organisations are expected to remain non-compliant

EU flag flying

"I love deadlines. I love the whooshing sound they make as they fly by."

So said Douglas Adams, late on delivering a book, and I'm quoting it now while running late delivering an article.

In a turn towards the meta, this is actually an opinion piece about another deadline - and one that's nothing to do with publishing.

That's right, GDPR is less than a month away, painting a future fraught with risk or ripe with opportunity, depending on your outlook.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

From 25 May, the EU's General Data Protection Regulation will apply to all organisations large and small, public and private, that hold or process the personal information of EU residents.

In the business world, projects can often overrun and timelines can change in tune with the commercial priorities and time constraints we all work within, but this is one deadline that can't be moved.

So obviously you must be well on your way to compliance by now, right?

Apparently not. The latest flurry of figures suggest that many businesses are nowhere near being prepared for the new legislation's demands that they re-establish a legal basis for using people's data (whether that's consent or otherwise), are able to quickly respond to subject access requests, can delete people's data if asked to and much, much more.

Analytics firm SAS reports that 46% of UK and Irish companies won't meet the deadline, and found that only 7% of businesses the world over are fully compliant, according to a snap survey of 183 business people it conducted.

Meanwhile, data protection lawyers predict that there will be plenty of non-compliance following the deadline, and our former CTO tells me that "given incumbent IT systems it could take decades" for any company that's not a tech giant to reach compliance.

Advertisement - Article continues below

So what does all this mean for your organisation? Well, firstly, don't panic. Hopefully, you're some way along your compliance journey, even if you're not going to make the deadline.

The UK data regulator, the Information Commissioner's Office (ICO), will likely spot most non-compliance through data breaches, and it'll look to audit these companies' data protection measures first.

A huge part of GDPR is all about promoting good practice in the event a breach happens: informing the regulator of an incident within 72 hours and customers without undue delay.

Most lawyers and industry experts agree that the ICO will come down heavily on breached organisations that cannot demonstrate that they are trying hard to comply with GDPR, even if they're not quite there.

Advertisement
Advertisement - Article continues below

You're far less likely to suffer a significant fine if you can share solid documentation of the GDPR-compliant processes you've implemented, and show a detailed roadmap of achieving anything that you haven't finished yet.

Other than that, make sure everyone in your organisation understands the role they play in helping achieve GDPR compliance, promoting common sense practices such as not sharing customer data with external parties or storing it on private cloud storage accounts.

Advertisement - Article continues below

On a macro level, ensure you understand what data your organisation has, why it has that data, and how that data is processed.

The next step is to make this clear to customers, who have new rights to access the data you hold on them. You should ensure you store their data in a way that makes it easy for customers to access and amend their data if it's out of date, and in a way that lets you delete their data if they ask you to.

And remember that once you get beyond simply complying with GDPR, there's plenty of benefits you can begin to realise, from improving customer trust, to streamlining what data you collect and minimising the risk of breaches.

Image: Shutterstock

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/cyber-security/354827/mcafee-researchers-trick-tesla-autopilot-with-a-strip-of-tape
cyber security

McAfee researchers trick Tesla autopilot with a strip of tape

21 Feb 2020
Visit/policy-legislation/data-protection/354814/google-to-shift-uk-user-data-to-the-us-post-brexit
data protection

Google to shift UK user data to the US post-Brexit

20 Feb 2020