Peter Drucker once said, “Plans are only good intentions unless they immediately degenerate into hard work.” With less than six months remaining before the new European privacy directive goes into operation, I am afraid that many companies – especially U.S. companies – are suffering from an excess of intentions and a shortage of hard work.
In case you’ve missed it, a new set of European rules and standards related to privacy and data protection (the General Data Protection Regulation, or GDPR) has set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers.
The regulation is designed to harmonize privacy across the EU, codify more rigorous privacy rights; strike a balance between privacy and security and create an explicit obligation for both data controllers and processors to demonstrate compliance with GDPR. This is not just a problem for European-based companies. If your organization does business in the EU, offers goods and services to EU citizens, or processes EU citizen data, then all the provisions of GDPR apply.
Is your organization ready to embrace a more rigorous privacy regime as espoused by GDPR? What is your organizational readiness to comply with GDPR when it becomes effective in May 2018? A recent survey by PwC shows that companies are planning to spend between $1 million and $10 million to comply with GDPR. How do you stack up?
Organizations cannot hope to meet this coming wave of regulation by approaching information privacy and security as an afterthought or by applying outdated and manual approaches to a set of problems that simply must be automated.