GDPR Compliance Requires More than Good Intentions
By Thomas Schneck, DocuWare – Peter Drucker once said, “Plans are only good intentions unless they immediately degenerate into hard work.” With less than six months remaining before the new European privacy directive goes into operation, I am afraid that many companies – especially U.S. companies – are suffering from an excess of intentions and a shortage of hard work.
In case you’ve missed it, a new set of European rules and standards related to privacy and data protection (the General Data Protection Regulation, or GDPR) has set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers.
The regulation is designed to harmonize privacy across the EU, codify more rigorous privacy rights, strike a balance between privacy and security, and create an explicit obligation for both data controllers and processors to demonstrate compliance with GDPR. This is not just a problem for European-based companies. If your organization does business in the EU, offers goods and services to EU citizens, or processes EU citizen data, then all the provisions of GDPR apply.
Consider the following GDPR datapoints:
- Openprise, the leader in data orchestration solutions for marketing and sales, polled 508 Dreamforce conference attendees in San Francisco earlier this month on their awareness of the General Data Protection Regulation (GDPR). “Only about half of survey respondents at Dreamforce were aware of GDPR, and the number is even lower (43%) for those in sales and marketing.”