The date of May 25 2018 will surely be viewed as a watershed moment when the time comes for historians to analyze the rise of digital technology and, consequently, the privacy and availability of data. It was of course the birth of the General Data Protection Regulation (GDPR), legislation introduced primarily to unify data protection rules across EU member states as well as enhance individuals’ privacy and data rights.
Two years on, this momentous piece of legislation continues to be a very influential topic across all industries. Nevertheless, it is fair to say the regulation got off to a rather inauspicious start following its roll out. “There were a lot of companies that were very ill prepared,” noted Paul Edon, senior director, technical sales and service at Tripwire.
Lack of Preparedness
Whether this was due to complacency on the part of organizations following years of limited regulatory enforcement on existing data protection rule, or lack of understanding of the new law, is a matter of debate.
Whilst leaving work such as identifying data and contacting people on their systems to the final few months before the law became active undoubtedly played a part in this lack of readiness for some companies, possibly a bigger issue was the extent of poor advice being given to firms. Brian Honan, CEO of BH Consulting, commented: “My concern is that in the rush to be ready for the GDPR before 2018, and indeed since, many companies have engaged with individuals or organizations which haven’t given them proper advice with regards to their requirements.”