The chances are that many organisations will not be fully compliant by May 2018, particularly if they were late getting their strategy off the ground. This is not necessarily the disaster that some have implied it will be. The GDPR is often presented in a manner which suggests that if, for example, victims of data breaches are not informed within 72 hours, companies will be in breach of European law and immediately subject to enormous fines. The reality is altogether less certain.
The GDPR contains a number of phrases such as “reasonable steps,” “undue delay,” and “disproportionate effort.” The actual day-to-day definition of these terms is likely to be decided in the courts over the next few years. Whilst no company would wish to be a test case, a wise strategy for those who are not confident that they will be fully compliant with GDPR mandates would be not to panic, and to demonstrate to customers, auditors and stakeholders that they are progressing strongly towards the ultimate goal of compliance.
This webinar will make a case for viewing the GDPR from a positive viewpoint. Whilst it increases the burden on organisations, it is also creating opportunities. The new organisational structure that the GDPR requires (and the increasingly frequent role of the Data Protection Officer, or DPO) means that the subjects of data privacy and security are likely to combine, and that changes are more likely to be driven from the top of organisations. This is a welcome change for security professionals, who often feel as if they are up against a prevailing culture where non-technical employees continually underestimate the importance of strong data security practice. Arguably the GDPR is simply good data house-keeping.