by Oliver Neukamm
When Germany introduced car seatbelt regulation, criticism arose from all sides that the necessity and usefulness of seatbelts were far lower than the cost of retrofitting them. The statistics soon proved the opposite, which silenced the critics.
Even though the EU General Data Protection Regulation might not save lives, you can draw a lot of parallels to the situation back in the 1970s. Just like the seatbelts, the implementation of the GDPR will cost a lot of companies a lot of money. However, this is not only due to the extent of the GDPR, but also due to companies neglecting their data protection responsibilities over many years. Those companies are now facing a huge challenge.
In my opinion, this challenge also carries a lot of potential. To implement the GDPR efficiently, it's important to develop and maintain an effective risk management strategy beforehand. There are many different tools, techniques and strategies for tackling this topic successfully. I will not go into too much detail for now, however, as this would exceed the scope of this blog.
The draconian penalties that are in place for failing to implement the regulation by 25th May 2018 are a definite sign of how serious the authorities are about this matter. Once it became clear that the GDPR is no longer a simple IT matter, it has been widely treated as a high-priority management topic. Some organisations are already well prepared; others still have a long way to go. However, I think that the general idea of the GDPR is being overshadowed by the obligation to implement it by 25th May 2018. In my opinion, the due date should be seen as the birth of a new data protection era, since the real work will be to comply with the GDPR in the years to come. One of the tasks now is to find the right talent to build a team that can ensure data protection is implemented seamlessly for employees and companies.
The latest published cases are proof that many companies are not quite as ready as they should be. The cases start with major players like Equifax, Deloitte or Whole Foods, but if we mentioned all the smaller cases, the list would be endless. They all have different causes, but what they have in common, besides negative outcomes such as damage to their public image, media attention and lawsuits, is the penalties that await them if they fail to comply with the GDPR by 25th May 2018.