Huge fines, when you’re not compliant! So get ready! It’s all over the news and a lot of consultants, lawyers and accountants scare the hell out of their clients telling them the worse than worst case scenario’s. They must act NOW and of course, the same consultants, lawyers and accountants happen to have a great (and paid!) solution! The question is whether all organisations should really worry that much if they can’t get everything fixed before May 25.
The General Data Protection Regulation (GDPR) is primarily intended to protect the personal data of individuals. Like you and me. To ensure that all organisations using and storing our data will take full responsibility for it and will do everything to secure it. Do we REALLY need a LAW to accomplish that?? You would expect them to do that anyway … but no, unfortunately that is not the case.
I personally think the government watchdog will not act as strict and rigid as everyone assumes now. Of course they will follow up on serious complaints, obviously. Otherwise this whole law will become a paper tiger. But I believe they will cut the organisations some slack. We can also expect court cases on this matter and those verdicts will in fact set the real rules and boundaries.
There are many commercial parties out there claiming they can help you to become fully compliant. But my advise would be to first check out whether this law really applies to you and if so, on what aspects. An important issue to check out is whether third parties you are working with have done their homework when it comes to GDPR. Because you will be held responsible if they haven’t.
You should figure this GDPR-thing out, obviously, but don’t panic.