GDPR Day has arrived

GDPR Day has arrived

What was the most eagerly awaited day in May 2018?

While Britain celebrated a royal wedding on 19th May and it was indeed memorable for the pomp and ceremonial that we Brits are good at.  The other date 25th May – which has been dubbed “GDPR day” – may lack ceremonial splendour but will be remembered for its effects for far longer. 

“GDPR day” may be rather dramatizing the point but now GDPR applies across the EU and to those companies outside the EU selling to EU citizens.  For those of us that have been following this with interest, a year ago we expected a huge flurry of last minute preparations to ensure compliance.  We had not foreseen the flood of GDPR emails in my inbox in the very last days running up to 25th May.  Even major brands appear to have left it to the very last minute to obtain marketing consent.

Even major brands appear to have left it to the very last minute to obtain marketing consent

We expect most organisations to be at least minimally compliant by the time the regulations hit.  Awareness is certainly very high.  Even the smallest businesses seem to know this is happening.  On the other hand, as one middle manager attending one of our “GDPR and Data Stewardship” training courses said, she did not think top management were allocating the required resources to achieve the cultural shift required.

Tick box compliance is not enough

Her view, and increasingly our view, is that it is not until there are some cause celebre given a very large and punitive fine that top managers will realise that this is something different.  Tick box compliance is not enough.  What is required is a cultural shift to improve the data governance processes around personal data. 

More forward-thinking organisations have been investing in moving basic compliance to using Data Governance as a way of improving their businesses efficiency and to gain competitive advantage.

GDPR is not just about getting marketing consent and rewriting a privacy policy.  It is also about having the back-office processes to support the management of personal data in a compliant manner.  Can you handle the right to be forgotten, the right to restrict processing, the right to data portability? 

Hopefully the royal wedding will be remembered for a long time, but we think the effects of “GDPR day” will also be felt within organisations for a long time to come.