GDPR: Force for 'Good' or an 'Evil' Necessity
by Alex Pavlovic - GDPR 'Strategist'
For those of you who were involved in the much maligned and, at the time, over-hyped Y2K or the ‘Millennium Bug’ you could be excused for thinking that with the General Data Protection Regulation (GDPR) there is a sense of déjà vu.
The “It’ll never happen” versus the “sky is falling on our heads” camps seem to be resurfacing.
It’s been 20ish years since the Y2K project work started. I worked in a trading floor environment at the time and there was a huge, aka expensive, project to identify systems and processes impacted by the date change; the risks of doing nothing far outweighed the investment. Quite a few instances were discovered and we did identify issues with hardware and software.
Was it the end of the world like some predicted: No.
Would it have impacted operations on January 2nd until they were fixed: Yes.
Would we have been able to trade: hmm, tricky - quite a few database and spreadsheet issues were identified. But was it a timely overhaul of outdated systems and processes: Yes.
What the lead up to Y2K did do was focus staff, and most importantly, the executive’s & senior management’s attention to the risks and impact of not doing anything - sound similar to some current conversations ?
The risks of doing nothing far outweighed the investment; at the time there were early and late remediation adopters.
Did that result in getting systems, infrastructure and controls updated (things which IT had been crying out for): Yes.
GDPR has rightly been identified and embraced by organisations (it could be said, long overdue) and plans are finally being developed to rectify the omissions in technical and organisational controls/measures. High profile projects once again have the Executives’ attention and support, albeit grudgingly in some cases. Commitment for resource and budgets are once again being given and remediation work has commenced.
If the controls aren’t implemented will it be the end of the world: No, though it could knock a hole in a company's finances.
Will it impact operations: it could do if a regulator orders a company to halt processing.
Will it be a timely overhaul of outdated systems and processes: I certainly hope so !
Leave your comments down below...
GDPR 'Strategist' &
Alex is a Lead Consultant with 25 years of IT, Audit, Information Security and Risk Management experience. He is a specialist in the GDPR and is an advisor and implementation manager for multiple clients across a wide range of industries. If you are interested to run or participate in GDPR sessions, contact: firstname.lastname@example.org
Visit our content: