The 25th of May 2018. For many, that date will have registered little interest when the first official draft of the EU General Data Protection Regulation was published back in 2012.
The date, and what it would bring, was something to be aware of but too far away to interfere with other, more pressing concerns. Fast-forward to 2016, when the final draft was approved by the EU Parliament, and the speck on the horizon had grown to a more sizeable blob. There was a sudden shift in attitude and the date became a concern for all businesses in all sectors and of all sizes.
Today, with under a year to go, the date is all-consuming. GDPR dominates the headlines and has bulldozed its way into the everyday vocabulary of both employers and employees alike.
And is it any wonder when typing ‘GDPR’ into your Google search bar greets you with a never-ending stream of websites and news articles offering advice and guidance to complement, or in some cases override, your own preparations for the regulation?
Much of this advice takes the shape of bullet-point lists, detailing the five, ten, sometimes even 15 or more steps that you must take “immediately’’ or else succumb to the financial and legal consequences that lie in wait for businesses who fail to achieve compliance in time. The doom, gloom and sense of urgency surrounding the upcoming regulation has created a new type of ‘expert’, offering the tantalising promise that a dose of their sage wisdom will make your GDPR compliance simple and immediate.
But who are these people? And how can they possibly know what total compliance looks like at this moment in time?
Surprise, surprise they are typically vendors, jumping on GDPR as the latest bandwagon offering opportunities for a quick sell. The truth is that they can’t know. Not yet anyway.
GDPR, as it currently stands, is not a destination that you can just ‘arrive’ at by clicking a button or buying a single product. There’s too much uncertainty about what it looks like at the moment. Even the Information Commissioner’s Office website is being updated each month with new information around the regulation, what it is and how to comply. We should think of GDPR compliance as an ongoing journey that all businesses must undertake, including security vendors...
And herein lies the purpose behind this series of blog posts we’re launching today. We recognise that there is not enough certainty to offer you cast-iron, definitive advice and instruction so we’re offering something else; an honest and transparent view of our own journey towards GDPR and GDPR compliance, as told from the point of view of different departments, and people, within our organisation.
And here I am to kick it all off…
I don’t have all the answers and can’t give you a simple and concise bullet-point list of 5 steps to make you 100% GDPR compliant. But I can give you an idea of things as they stand from my perspective as the CEO of a security company.
Over the years, I’ve seen a noticeable shift in the way that both IT and technology are regarded within businesses. The challenges of network security, digital infrastructure and what to do with the reams and reams of data produced - these are no longer just problems for IT teams and legal departments to deal with.
Likewise, the implementation of GDPR is not something that can just be glanced at and signed-off, or passed along by board members. Every single person in the business is responsible for and must play an active role in implementing and complying to GDPR. As such, collaboration between all departments and the leadership team is key during the transition process. As a CEO preparing for GDPR within my own organisation, creating an environment that encourages that collaboration has certainly been at the forefront of my mind.
And so has reviewing all our existing data management practices. As the legislation will change the way that organisations collect, store, and use personal information, it’s all about understanding what data you have and where it is. Let’s face it – this can be an overwhelming task when we consider just how much data is produced in today’s digital world.
What’s even more overwhelming is how to keep this data secure – a task that the new regulation reinforces will be the company’s responsibility. I guess, for some, this is where security vendors come in.