What lessons have we learnt from 2 years of GDPR?
Written by Joe A. J. Beaumont on 26/06/2020
GDPR is still a problem for many businesses
GDPR recently breezed past its second birthday and, like many two-year-olds, continues to cause concern and confusion for those who have to deal with it. Unlike real two-year-olds, however, GDPR is quite clear in what it demands, and there can be serious consequences if those demands are not met.
For businesses, failure to meet GDPR’s requirements represents an increased risk of data breaches and the reputational damage and legal repercussions that breaches inevitably lead to. These risks are not inconsiderable: the reputational damage alone is often enough to wipe out a business.
So, with so much resource and support available for GDPR, why are so many organisations still struggling with it?
Using our two years of lessons learnt, this blog will examine what companies are still getting wrong and show what can easily be done to solve the challenges.
Lesson Four: Corporate compliance culture
Finally, we have companies who realise the risks, have got management buy-in, have committed to doing GDPR, and go right through the process from top to bottom. Sounds great, but problems can still arise.
True GDPR compliance is not a one-and-done exercise. It can require a lot of work for some organisations, and when you get over the initial hurdle, it’s tempting to stick it on a shelf and call it complete. But without constant review, your compliance will very quickly be broken – and you won’t even know it. GDPR is transformative and needs to be built into day-to-day business as usual. GDPR is only successful when it gets embedded in the culture of a business.
This means that someone, somewhere needs to take ownership of data privacy and GDPR within your organisation. They need to work across all departments to bring it all together. Even with management buy-in, this can be a daunting prospect. Data protection expertise isn’t cheap, and there might not be enough work to justify a full-time staff member. It’s for these reasons that outsourcing this role is rapidly gaining popularity, as it delivers top-tier GDPR and data protection expertise on a cost-effective retainer. Bulletproof’s expert Data Protection Officers undertake this responsibility for many companies, saving them time and money, and keeping them compliant with GDPR.
To recap, here are the four lessons we’ve learnt from the last two years of GDPR.