18 years ago there was widespread anticipation of a digital Armageddon on January 1st, 2000. Many people believed that the digital world would collapse when IT systems rolled over from 1999 into 2000.
The transition happened calmly.
Were some organisations cynically promoting unease – perhaps to make money in providing consultancy and/or preventative solutions?
Were people being alarmist?
Were people over-reacting?
There were echoes of this recently in the run-up to May 25th 2018 – the day that the GDPR came into force.
For example, remember that veritable tsunami of emails you received asking you whether or not you wanted to continue to receive emails? The fact is that a large portion of such emails were totally unnecessary – many of the emailing companies already had GDPR-compliant consent from email subscribers.
The emailing companies were over-compensating. Some from worry. Some from ignorance. Some based on invalid advice received.
Part of this haste was because fear had been stoked of serious fines. Just google “fines of up to €20 million” to see how prevalent the warnings were (and remain)!
But May 25th came and went. And no hordes of organisations were summarily served with crippling fines. No vast numbers of auditors descended on Irish workplaces.
This of course is not at all to say that GDPR should be ignored. It is real. It has teeth. And there is an expectation that organisations need to be compliant.
The crucial requirement? To not wilfully ignore the new landscape.
May 25th is a milestone – it’s a milestone marking the advent of a new era in how organisations that are data processors and controllers need to operate. In how organisations need to adapt their website(s). In how your organisation deals with data collection from here on (capturing consent, etc.).
So, is your organisation GDPR-compliant?
The 3 possible answers are “Yes”, “No”, or “Don’t know”.
If “Yes” then well done – you just need to ensure that you can demonstrate that compliance and that you retain that compliance as circumstances change. For example, make sure you have a clear process for dealing with new employees.
If “No” then you have a known unknown. You know where the gaps are. Which of them are the most significant? Have you a plan devised to progressively address those gaps?
If “Don’t know” then in all probability you are non-compliant – and you have an unknown unknown. Your next GDPR task is to determine what your true status is.
The important thing to note is that there is no need for panic. What’s required is a steady, calm and demonstrably progressive approach. The journey you are on will be an ongoing project for you and organisations like yours.
The journey towards compliance is a project that has a beginning and an end. Break it down into chunks. Sequence those chunks. Assign those chunks to people. Define the milestones. Devise a schedule. Identify the risks. Drive towards completion.
Thereafter, with compliance achieved, the landscape will shift from attainment to maintenance.
Here at BITS we deliberately did not dictate to clients that everything needed to be done by May 25th. We helped clients do the gap analysis, to identify solutions for filling the gaps, and to source and begin implementing those solutions. Different clients moved at different paces. There was no panic.
And we’re ready to provide the exact same expert help to further organisations.
So, maybe you’ve done nothing. Or maybe you’ve started the journey and much remains to be done. Or maybe you’ve achieved compliance and now you’re mindful of maintenance. At BITS we are ready and practised at helping you in relation to all the IT elements and the technology – no matter where you are on that journey.
Contact BITS today via firstname.lastname@example.org or give us a call on 056 7786882 to determine what needs to be done!