As the General Data Protection Regulation (GDPR) is unleashed this week, there’s growing industry nervousness, comparable to the feverish “Millennium Bug” hysteria—the apocalyptic millennial crisis that never was. And while likening 90s digital doom to a new digital regulation might seem a little odd, both share the same DNA: our fear of the unknown. And this paranoia now manifests in what lurks beyond the GDPR deadline.
While Will Smith seemingly became the voice of “Y2K”, the Millennium Bug became its urban legend and the stuff of global nightmare. The havoc created by timing devices in computers and electrical goods supposedly unable to roll past ‘99’ to ‘00’ caused a frenzy. VHS machines were meant to eat small animals and microwaves to fry brains. But nothing happened.
Yet, while the Millennium Bug was more caterpillar than biblical locust, the full-blooded GDPR is an entirely different beast. It is a potential dinosaur killer, being the most significant European data handling revolution since the original 1995 DPD—with fines of up to €20 million for breaches, new data protection obligations, new privacy rights, and a higher level of control for the consumer.
But there are some similarities between the two critters.
Both involve a hard-drop date that brings severe penalties on a global scale. Both have shaken the technology landscape due to fears over the unknown. And both are significant enough to have caused political tremors in the “public’s best interest”.
In fact, we shouldn’t forget that companies around the world spent an estimated $300 to $500 billion to address the anticipated fallout when our clocks rolled from 1999 to 2000.
Also, just like the Millennium Bug, the GDPR permanently impacts every industry type no matter how big or small. And as the clock has been ticking, we have seen a pattern of underestimating the amount of work and initiative needed in preparation…
Simply put, companies have needed to act. The consequences of not doing so are potentially disastrous.
But for all the similarities, there is one significant difference. With the Millennium Bug, it was back to business as usual on 1 January. With the GDPR, things will never be the same again. Companies will operate under an entirely new paradigm.
The most important thing to remember beyond the GDPR deadline is that it’s not a one-off effort, like the rush to “fix” the Millennium Bug. On the contrary, it’s a continuous process that will need to be evaluated and evolved.
This will likely result in a de facto grace period early on, as GDPR regulators and organizations feel their way around the new law. While there is no definitive view on how the new rules will be policed and enforced, there are groups and individuals planning to bring test cases, which will likely set a range of precedents as they progress.
As a result, the choices and decisions you’ve made today will likely need revisiting after 25 May.
Therefore, to succeed beyond the GDPR deadline, C-Level executives must view the regulation as a business, rather than a pain point or burden. Strategies will need to include all stakeholders from across an organization—including IT, legal, compliance, and the data owners themselves.
The GDPR is here to stay, so firms must get on board, embrace the change and learn how to innovate, grow, and compete amid a new regulatory landscape.
SPOILER ALERT: GDPR applies regardless of Brexit!
Time will pass before a new “normal” way of doing things is reached, and during this period your organization will need to adjust in ways you didn’t expect. If we’re lucky, the new environment will be more about the spirit of the directive and not the technical details of specific cases. But from day one, every organization will adhere to the strict regulation rules.
However, all your competitors must manage their customer data in the same compliant way. Thus, it levels the playing field and also gives you an opportunity to introduce changes that could be the boost you need.
Right now, the focus should be to deliver your current plan and put in place the policies and systems you think are needed. It will also be important to watch what happens in your industry and markets, and be ready to make measured responses.
And remember to breathe! As we noted in last week’s blog, the regulation is an opportunity to show the world that your organization takes privacy and security seriously, and that you value customer/user trust. Why not use the GDPR to your advantage? Turn the ‘bug’ into a butterfly.
The GDPR isn’t about penalizing organizations; it’s about protecting the consumer. With Signavio by your side, you’ll have the technology and expertise to make the critical principles of trust and transparency the bedrock on which you build your organization.
We remodel the GDPR in your interest, Getting Data Protection Right.
is the ideal means of supporting ongoing compliance with the GDPR because it enables you to identify what data is needed and what is superfluous, as well as the justification for both. This helps your organization’s data processing activities stay compliant with the new data protection laws. Our products make a company’s decision-making clearer and are a powerful technique for capturing, analyzing, and communicating.
Signavio guides users to map personal data items against business processes and operations, helping document GDPR risk and controls and reducing the risk of human error.
But our products will do more than just lay the foundation for GDPR compliance—they’re your catalyst for future success. They supercharge your global competitiveness, increase operational efficiency, and improve productivity.
With Signavio at your side, you have industry-leading resources to thrive under the GDPR and far beyond the deadline. Getting Data Protection Right.