GDPR is here, but the hard work is only just beginning. Contrary to a view some hold, it is nothing like the millennium bug. Michael Baxter, editor of Data Protection Magazine, explains why GDPR remains so incredibly important.

25th May 2018, GDPR finally becomes enforceable. 26th May 2018, GDPR is still demanding our attention. 25th May, 2022, the compliance journey continues. GDPR is not something we can all cease to worry about after the 25th May deadline, the requirement Is ongoing.

There is a view that GDPR is like the millennium bug. You may recall, during the last few months of the 20th Century, fears that once the clocks were reset, so that the last two digits of the year went from ‘99 to ‘00, computers across the world would crash. But it didn’t happen. As of 1st January 2000, dawned, there were no headlines pertaining to crashing computers. And whilst IT problems do occasionally grab headlines – such as when the WannaCry virus caused problems worldwide, the millennium bug began to look like a miniature explosive device, often used in movies, but that was soaking wet, in short – a damp squib.

Such a comparison with GDPR totally misses the point. The ICO, the UK regulator, isn’t going to stop dishing out fines on 26th May, instead, its work is ongoing. Subject access requests are not going to come flooding in on 25th May and then stop. The flow will continue for as long as regulations allow for them. The Right to be Forgotten, is not something that people will only care about for the one day that GDPR becomes enforceable, people will be exercising this right for as long as it exists.

For that matter, the threat from cybercriminals is not going away, the need to have adequate policies in place to limit exposure to a breach is an unceasing requirement.

The Economist magazine once said that data is the new oil. No one interpreted this as meaning that data was only going to be valuable for a short while, instead, data combined with AI is underpinning the fourth industrial revolution. Indeed, this week, newspaper headlines were telling us the good news that AI, in combination with big data, was being used to fight cancer. This is a fight that is set to continue, until some bright day in the future when medical science wins a decisive victory, and even then, AI will use data to keep an electronic watchful eye on the disease.

But the dangers that data may be misused, undermining our human right to privacy, will remain, perhaps forever. GDPR imposes, transparency, accountability, and control on organisations that process data. Together, these three requirements are the core of what GDPR is about, and they represent a big – enormous – challenge.

In fact, we asked Nicola McKilligan-Regan, one of the UK’s leading experts on data privacy, a senior Partner at the Privacy Partnership, as well as the founder and CEO of Smart Privacy, and author of the A Pocket Guide to the Data Protection Act, which is being revised later this year, if GDPR was like the millennium bug?

She said: “No. We didn’t know what effect the millennium bug would have, but before GDPR is even implemented, regulators have begun flexing their muscles.

She poses a question. “If GDPR is just like the millennium bug, why has Facebook moved the accounts of 1.5 billion users from Ireland to the US?”

“The new regulations give regulators a lot more scope to take a hard line against businesses that don’t treat our personal data and privacy with the respect it deserves.”

And then she sums it all up in one phrase:

“You haven’t seen anything yet!”

And she is right. GDPR is here, but the journey ahead is long, arduous but if the end result can be a revolution in business without encroaching on our right to privacy, it will be enormously fruitful.

To ensure your business stays on the right track in its journey to compliance, attend the next GDPR Summit London. Taking place one month after the deadline, the event will provide actionable, practical advice to continue your drive to achieve ongoing GDPR compliance and gain a strategic advantage over competitors.

By Michael Baxter, Editor, Fresh Business Thinking

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus