The 25th of May 2018. For many, that date will have registered little interest when the first official draft of the EU General Data Protection Regulation was published back in 2012.
The date, and what it would bring, was something to be aware of but too far away to interfere with other, more pressing concerns. Fast-forward to 2016, when the final draft was approved by the EU Parliament, and the speck on the horizon had grown to a more sizeable blob. There was a sudden shift in attitude and the date became a concern for all businesses in all sectors and of all sizes.
Today, with under a year to go, the date is all-consuming. GDPR dominates the headlines and has bulldozed its way into the everyday vocabulary of both employers and employees alike.
And is it any wonder when typing ‘GDPR’ into your Google search bar greets you with a never-ending stream of websites and news articles offering advice and guidance to complement, or in some cases override, your own preparations for the regulation?
Much of this advice takes the shape of bullet-point lists, detailing the five, ten, sometimes even 15 or more steps that you must take “immediately” or else succumb to the financial and legal consequences that lie in wait for businesses who fail to achieve compliance in time. The doom, gloom and sense of urgency surrounding the upcoming regulation have created a new type of ‘expert’, offering the tantalising promise that a dose of their sage wisdom will make your GDPR compliance simple and immediate.
But who are these people? And how can they possibly know what total compliance looks like at this moment in time?
Surprise, surprise: they are typically vendors, jumping on GDPR as the latest bandwagon offering opportunities for a quick sell. The truth is that they can’t know. Not yet anyway.
GDPR, as it currently stands, is not a destination that you can just ‘arrive’ at by clicking a button or buying a single product. There’s too much uncertainty about what it looks like at the moment. Even the Information Commissioner’s Office website is being updated each month with new information around the regulation, what it is and how to comply. We should think of GDPR compliance as an ongoing journey that all businesses must undertake, including security vendors.
I don’t have all the answers and can’t give you a simple and concise bullet-point list of 5 steps to make you 100% GDPR compliant. But I can give you an idea of things as they stand from my perspective, as the CEO of a security company.
Over the years, I’ve seen a noticeable shift in the way that both IT and technology are regarded within businesses. The challenges of network security, digital infrastructure and what to do with the reams and reams of data produced – these are no longer just problems for IT teams and legal departments to deal with.
Likewise, the implementation of GDPR is not something that can just be glanced at and signed off, or passed along by board members. Every single person in the business is responsible for, and must play an active role in, implementing and complying with GDPR. As such, collaboration between all departments and the leadership team is key during the transition process. As a CEO preparing for GDPR within my own organisation, creating an environment that encourages that collaboration has certainly been at the forefront of my mind.
And so has reviewing all our existing data management practices. As the legislation will change the way that organisations collect, store and use personal information, it’s all about understanding what data you have and where it is. Let’s face it – this can be an overwhelming task when we consider just how much data is produced in today’s digital world.
What’s even more overwhelming is how to keep this data secure – a task that the new regulation reinforces will be the company’s responsibility. I guess, for some, this is where security vendors come in.
The truth is that, for the time being, security vendors can’t wave a magic wand and automatically make your organisation GDPR compliant. It’s not a matter of buying a single product and being ‘ready’ to face GDPR head on. Speaking as part of the security vendor industry, we shouldn’t be promising that our products will make any organisation 100% compliant until all the facts are known. The most that we can do is ensure that our products themselves are compliant and that, by buying them, your organisation does not become any less so. We, like everyone else, are taking a step into the unknown and so, let’s face it, if GDPR compliance is a journey, it’s one that we must all take together.
By Ed Macnair, CEO at CensorNet
Originally published by GDPR.Report