Stubborn Obstacles to GDPR Compliance
The launch date for the European General Data Protection Regulation is just two months away, so companies that are staying on track to success deserve some preliminary congratulations at this point. Well done! Even if every single component of the law isn’t fully in place just yet, forward motion is to be commended, and a great deal can be accomplished in the remaining two months.
But the home stretch is also the point at which some of the best-laid plans go awry. If every mile marker on your roadmap to compliance has been hemmed in by a tight timeline, missing just a few key milestones may be setting you back. And if you’ve encountered an unanticipated obstacle that’s essentially holding you at square one, there’s still time to push that stone out of the way and move forward. The most common hold-ups are listed here. If these look familiar, it may be time to reach out for support.
“We didn’t have clients in the European Union…But then we did.”
If your entire client base and all partners, vendors and data stakeholders live outside of the areas overseen by the GDPR, you may have removed this regulatory concern from your list of priorities altogether. But things change. If you need to revisit your data management protocols due to growth in your company or the arrival of new customers, it’s not too late. Keep in mind that EU citizens own their data, and accelerate the path to compliance, extensions, and appeals.
“Our notification procedures are not in place or not reliable.”
The GDPR requires proper notification of affected parties in the event of a breach or data exposure. But for some organizations, this is easier said than done. Just because a notification system is in place does not mean it works or can be counted on to activate at any hour of the day or night. If you lack confidence in your system for bureaucratic or technical reasons (for example, your notifications rely on a staff too small to connect with your growing customer base), tools are available that can close the gaps.
“We’re having issues related to privacy by design and default.”
This obstacle can arise when a company expects to develop, customize, or design a proprietary app from the ground up for data protection and management purposes, and the product is not slated to appear before the steadily approaching deadline. Some outside guidance can accelerate the software development process.
“We haven’t hired a DPO.”
This new employee should have a respected place at the leadership table and should be able to make data-protection decisions that are judicious and implementable. He or she should be able to identify issues before they become problems, lead a team if necessary, and have the technical experience to make sound recommendations. Identify the roadblock that’s keeping you apart from this person so you can remove it. Do you lack the budget to hire a skilled expert? Are you having trouble with sourcing and recruiting? Or are you not quite sure how to evaluate candidates? In all cases, outside perspective can help.