With the General Data Protection Regulation (GDPR) from the European Union (EU) nearing enforcement in May 2018, many enterprises still see it as a project and not a privacy strategy. Here are some excerpts from conversations I have had with managers about GDPR:
- “Since Safe Harbor failed we’ll see what happens with GDPR.”
- “I don’t think it applies to us.” (This was a SaaS-based company.)
- “We know this is very important, but we have so many other things to do.”
- “We really need help here; this is a very big deal.”
- “We have a project manager and myself, we need more help.”
GDPR implementations are still in their early days, and time will tell what the impacts of non-compliance will be. However, it is clear that bringing together the regulatory and compliance sides of the enterprise with the mainstream product, marketing, and engineering sides is becoming more urgent. In an Agile culture of rapid delivery, integrated teams, and more intimate customer conversations, enterprises still struggle to fully incorporate their legal and compliance teams into the process. When was the last time you saw a lawyer in a scrum? Have your product owners ever engaged legal in defining a privacy model? It is hard enough to get security requirements into stories; how will enterprises incorporate privacy?
GDPR’s requirements around EU citizen rights will surely have an impact on how global enterprises handle EU citizen data. Many see this as a new default privacy model and embrace the change; others are still determining what it means to their organizations. In either case, GDPR shines a light on the opportunities for enterprises to integrate privacy, governance, and product in order to improve the quality of services we all consume.
Need help realizing the benefits of GDPR or converting your GDPR Project into a real Privacy Strategy? Please contact us at American Cyber Security Management today.
*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts. Our Privacy specialists can help you make sense of and comply with GDPR.