Wacky Races: Speeding Towards GDPR Compliance
BLOG
GDPR

Wacky Races: Speeding Towards GDPR Compliance

In the coming weeks we will be publishing some blogs around the build-up to GDPR compliance. In this first post, we reflect on the perception that many organisations are struggling to know where to begin on this journey, let alone understand the rules to be followed, or see where the finishing post lies (is there one?). Many appear to be paralysed into inaction, but help is available!

“Muttley, do something”

Those of us of a certain age will fondly remember Dick Dastardly and his sidekick Muttley.

“What? So how does that relate to the GDPR?”, you might ask.

Well, in my mind, Dastardly’s panic makes me think of where many organisations sit with the issue of GDPR compliance:

  • An urgent request for help
  • A hope someone else will magically appear and fix the problem for them
  • You might say, “A third party sniffing around after a reward”; I couldn’t possibly comment. (How many more TV references?).

Talking to our clients and networking with peers, the feedback indicates some UK companies are starting to make a move towards ‘doing something’ but many are still paralysed for whatever reason.

One common theme is that organisations simply do not know their data, which is not a place you want to be now, let alone after May 2018.

Our European neighbours are, in many cases, ahead of us with compliance. In the case of both Germany and the Netherlands, this is down to a much stricter regulation/enforcement already being in place with less of a gap to close. We have been able to get away with doing little or nothing for too long. As an example, those test data waivers are great and so easy to obtain.

For the GDPR, we’ve seen excuses ranging from total denial that it represents a problem, to not knowing where to start, to an expectation that all the liability can be moved to suppliers through contract changes.

I can recall one manager offering “I’m thinking about doing something, so I am compliant” as his solution to the DPA. I wonder what his solution to the GDPR is? (Father Jack Hackett’s usual response in Father Ted perhaps).

Not knowing where to start I can understand, but help is out there. Do Something!

The Information Commissioner’s Office has been providing some quality advice and the so called ‘Article 29 Working Party’ are gradually getting around to providing the kind of details about the regulation that organisations are looking for.

There are also some legal firms out there providing quality free updates and opinion - how often can you say that?

There has been a move away from just talking about the fines to beginning a conversation around what benefits an organisation sees from this - and there are plenty.

Sogeti offer GDPR services to suit your needs. From Readiness Assessments, or a full end-to-end GDPR Program, to Data Discovery, Data Pseudonymisation and more, we can help you get the benefits beyond just compliance.

So, ‘do something’: come and talk to us and we can solve the problem for you or, even better, with you.

For more information visit https://www.uk.sogeti.com/services/gdpr-services/

todo todo