In the regulatory compliance world, a lot has been written over the past two years introducing organizations to the new European data privacy regulation and why they should be concerned.
It got your attention when pundits warned that your organization was still impacted even if it doesn’t have operations in the European Union. You took notice of the hefty fines potentially ranging from 2 to 4% of your company’s annual revenue. And you’re very aware that the deadline for compliance is May 2018. You’ve watched the webinars, read the whitepapers, and attended the education events. You’ve done your homework.
But now it’s the beginning of 2018. Enforcement for the General Data Protection Regulation is no longer “May 2018”. Now, it’s just “May”. And of some concern is Gartner’s prediction that by the end of 2018, over 50% of companies affected by the GDPR will not be in full compliance with its requirements (Gartner, Focus on Five High-Priority Changes to Tackle the EU GDPR).
I can offer encouraging euphemisms here: “Better late than never.” “A journey of a thousand miles begins with a single step.” “The secret of getting ahead is getting started.” But…what I really want to say is that if it hasn’t already, your organization needs to roll up its sleeves and get to work. It’s time to take action. Like now.
New regulation but familiar challenges
Data privacy regulations are not new but the GDPR has put a spotlight on the topic. At its root, data privacy protection is about good Information Management.
An important first step will be for your organization to have clarity on how it manages personal information, specifically in these three areas:
GDPR overview and then things you can do now
I had the privilege to co-deliver a GDPR Breakfast session in Toronto, Ontario last November and someone had the smart idea to record it. And because we know that not everyone wants to sit down for a 30-minute video, we’ve chunked it out for easy viewing, depending on where you are in your journey.
Part 1 – GDPR overview – for those of you who may still need a good primer, a review of the key terms and principles of the new EU data protection law. (12:25 min)
Part 2 – GDPR and Enterprise Information Management – we review the GDPR, pull out the requirements that will have impacts on Enterprise Information Management practices, and discuss how your EIM program will need to adjust and mature. (6:42 min)
Part 3 – 10 steps you can take now – finally we look at tangible action steps that can be taken immediately to get your organization well on its path to GDPR readiness. These ten steps are based on information management best practices, and carrying them out will put your EIM program on solid footing with or without the GDPR business driver. (12:00 min)
There are now only several months (weeks!) until the GDPR becomes enforceable. The time is now to put an action plan together and show your customers, stakeholders, and yes, regulators that your organization is making best efforts towards being a GDPR-compliant organization. It’s time to get to work! Reach out to us if you need help getting started.