GDPR – my thoughts
by Richard Jefferies, Insurance Client Manager
I haven’t yet met anyone who loves GDPR but it can feel like that is all we hear now, given the noise and volume of information being put out there from a huge variety of sources. And after sifting through a lot of that information trying to find the answers and see the light, it can start to feel like all you hear is GDP bla blaR and send you a bit GDP ga gaR. If I wanted to find someone who still loves GDPR, I would probably find them in a software vendor who has benefited from an upswing in security/data governance business off the back of GDPR.
If there is little love for GDPR in organisations, I have met a lot of people going on their first GDPR dates, wanting to get to know as much as they can about GDPR and how they can get along (whether they want to or not). Will it be an uncomfortable relationship, like moving in with a mysterious, complex person you used to know but has now changed? A person who will move in, probably never move out and will not change their ways to get along – it’s you who has to adapt and change and accept them, or face the dire consequences.
I am not going to attempt to make anyone love GDPR, but thought it might be good timing to provide a view from the market, i.e. what’s everyone else doing? As a provider of GDPR consultancy, advisory services and solutions, Northdoor gets to meet a lot of organisations of all sizes looking to progress their GDPR compliance programmes. In many cases, “progress” essentially means starting. All organisations have of course done their own research on GDPR, but many are unclear on the steps to take that are right for their organisation or how to take them, e.g. what personal data do we have, where is it, how is it being used, what gaps to compliance do we have, what are the levels of risk associated with those gaps, etc. If that sounds familiar, then hopefully it is of some comfort that you are not the only one and are not way behind the curve!
Organisations who have formal GDPR programmes in place with the associated resources and budgets assigned are typically the larger enterprises – those with more complexity and volume of data (plus deeper pockets and available resources). It is however surprising to still be meeting very large companies who are still in the very early stages.
If there is this swell of organisations building up out there in the very early stages of GDPR activity, that would seem to indicate the dam is going to break very soon. Once it does, will the available GDPR market resources get flooded and washed away and cause organisational panic in the rush to May 25th 2018? Probably not that dramatic of course, but whilst it may be comforting to know you are in the same early-stages boat as many other organisations, the longer you delay may also mean high competition (and price) for the resources and solutions you need for compliance and more compromises you have to make in order to keep your new GDPR house mate happy.
Your business could take great strides towards compliance in the space of just one meeting. To understand more about the GDPR Industrialisation from Northdoor, and decide whether it could work for you, please contact us.