Meeting the GDPR deadline: Don't panic, and show your working

With less than a month to go, many organisations are expected to remain non-compliant

EU flag flying

"I love deadlines. I love the whooshing sound they make as they fly by."

So said Douglas Adams, late on delivering a book, and I'm quoting it now while running late delivering an article.

In a turn towards the meta, this is actually an opinion piece about another deadline - and one that's nothing to do with publishing.

Advertisement - Article continues below

That's right, GDPR is less than a month away, painting a future fraught with risk or ripe with opportunity, depending on your outlook.

From 25 May, the EU's General Data Protection Regulation will apply to all organisations large and small, public and private, that hold or process the personal information of EU residents.

In the business world, projects can often overrun and timelines can change in tune with the commercial priorities and time constraints we all work within, but this is one deadline that can't be moved.

So obviously you must be well on your way to compliance by now, right?

Apparently not. The latest flurry of figures suggest that many businesses are nowhere near being prepared for the new legislation's demands that they re-establish a legal basis for using people's data (whether that's consent or otherwise), are able to quickly respond to subject access requests, can delete people's data if asked to and much, much more.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Analytics firm SAS reports that 46% of UK and Irish companies won't meet the deadline, and found that only 7% of businesses the world over are fully compliant, according to a snap survey of 183 business people it conducted.

Meanwhile, data protection lawyers predict that there will be plenty of non-compliance following the deadline, and our former CTO tells me that "given incumbent IT systems it could take decades" for any company that's not a tech giant to reach compliance.

So what does all this mean for your organisation? Well, firstly, don't panic. Hopefully, you're some way along your compliance journey, even if you're not going to make the deadline.

The UK data regulator, the Information Commissioner's Office (ICO), will likely spot most non-compliance through data breaches, and it'll look to audit these companies' data protection measures first.

A huge part of GDPR is all about promoting good practice in the event a breach happens: informing the regulator of an incident within 72 hours and customers without undue delay.

Advertisement - Article continues below

Most lawyers and industry experts agree that the ICO will come down heavily on breached organisations that cannot demonstrate that they are trying hard to comply with GDPR, even if they're not quite there.

You're far less likely to suffer a significant fine if you can share solid documentation of the GDPR-compliant processes you've implemented, and show a detailed roadmap of achieving anything that you haven't finished yet.

Other than that, make sure everyone in your organisation understands the role they play in helping achieve GDPR compliance, promoting common sense practices such as not sharing customer data with external parties or storing it on private cloud storage accounts.

On a macro level, ensure you understand what data your organisation has, why it has that data, and how that data is processed.

The next step is to make this clear to customers, who have new rights to access the data you hold on them. You should ensure you store their data in a way that makes it easy for customers to access and amend their data if it's out of date, and in a way that lets you delete their data if they ask you to.

And remember that once you get beyond simply complying with GDPR, there's plenty of benefits you can begin to realise, from improving customer trust, to streamlining what data you collect and minimising the risk of breaches.

Image: Shutterstock

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020