THE GENERAL DATA PROTECTION REGULATION TAKES EFFECT on 25 May of this year. When we hit that deadline, you won’t comply. That’s what a senior lawyer told the audience at an event I attended. What he meant was that businesses generally won’t be able to get the changes done by the time GDPR comes into force.
The Regulations will affect all organisations to some degree. I can imagine several reactions. The truly awful manager might sit back and relax. “Well, if everybody else is going to have big problems complying with the regulations, we’re just one in the crowd. No need to rush!”
Even a sincere manager might be paralysed by the size of the job: “Should I get legal advice?”, “Do I need to employ an expert in security?”, “How can I run the business while all this work is going on?”
A better approach would be to treat the big demands of GDPR as a good reason to get started. After all, even if you’re not compliant by the deadline, the effort you’ve put in to move in the right direction could make the difference between a slap on the wrist from the regulator and having the book thrown at you. “But they won’t be able to prosecute everyone”: no, of course they won’t, but they will prosecute someone, and under the regulations it’ll be possible for those who’ve had a bad experience with your company to report you for any mishandling of their data.
Another point: why think about GDPR only in terms of avoiding prosecution? While it’s true that new regulations often fail to achieve much and just add paperwork, think about what you’re required to do under GDPR. Shouldn’t we have been doing a lot of it anyway?
Could it be a great opportunity? Get your organisation compliant, then tell everyone. Awareness of data rights and of cyber-security is only going to increase. Meanwhile your non-compliant competitors may get whacked by the new fines that GDPR brings in. The best manager will start now and keep going.