Meeting the GDPR deadline: Don't panic, and show your working

With less than a month to go, many organisations are expected to remain non-compliant

EU flag flying

"I love deadlines. I love the whooshing sound they make as they fly by."

So said Douglas Adams, late on delivering a book, and I'm quoting it now while running late delivering an article.

In a turn towards the meta, this is actually an opinion piece about another deadline - and one that's nothing to do with publishing.

That's right, GDPR is less than a month away, painting a future fraught with risk or ripe with opportunity, depending on your outlook.

From 25 May, the EU's General Data Protection Regulation will apply to all organisations large and small, public and private, that hold or process the personal information of EU residents.

In the business world, projects can often overrun and timelines can change in tune with the commercial priorities and time constraints we all work within, but this is one deadline that can't be moved.

So obviously you must be well on your way to compliance by now, right?

Apparently not. The latest flurry of figures suggest that many businesses are nowhere near being prepared for the new legislation's demands that they re-establish a legal basis for using people's data (whether that's consent or otherwise), are able to quickly respond to subject access requests, can delete people's data if asked to and much, much more.

Analytics firm SAS reports that 46% of UK and Irish companies won't meet the deadline, and found that only 7% of businesses the world over are fully compliant, according to a snap survey of 183 business people it conducted.

Meanwhile, data protection lawyers predict that there will be plenty of non-compliance following the deadline, and our former CTO tells me that "given incumbent IT systems it could take decades" for any company that's not a tech giant to reach compliance.

So what does all this mean for your organisation? Well, firstly, don't panic. Hopefully, you're some way along your compliance journey, even if you're not going to make the deadline.

The UK data regulator, the Information Commissioner's Office (ICO), will likely spot most non-compliance through data breaches, and it'll look to audit these companies' data protection measures first.

A huge part of GDPR is all about promoting good practice in the event a breach happens: informing the regulator of an incident within 72 hours and customers without undue delay.

Most lawyers and industry experts agree that the ICO will come down heavily on breached organisations that cannot demonstrate that they are trying hard to comply with GDPR, even if they're not quite there.

You're far less likely to suffer a significant fine if you can share solid documentation of the GDPR-compliant processes you've implemented, and show a detailed roadmap of achieving anything that you haven't finished yet.

Other than that, make sure everyone in your organisation understands the role they play in helping achieve GDPR compliance, promoting common sense practices such as not sharing customer data with external parties or storing it on private cloud storage accounts.

On a macro level, ensure you understand what data your organisation has, why it has that data, and how that data is processed.

The next step is to make this clear to customers, who have new rights to access the data you hold on them. You should ensure you store their data in a way that makes it easy for customers to access and amend their data if it's out of date, and in a way that lets you delete their data if they ask you to.

And remember that once you get beyond simply complying with GDPR, there's plenty of benefits you can begin to realise, from improving customer trust, to streamlining what data you collect and minimising the risk of breaches.

Image: Shutterstock

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021
Data: A resource much too valuable to leave unprotected
Whitepaper

Data: A resource much too valuable to leave unprotected

2 Dec 2020
Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021
Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021