There are threats and risks associated with the GDPR, but one data protection officer believes organisations should focus on the business opportunities instead
Preparation for compliance with the General Data Protection Regulation (GDPR) is essentially a change management programme, according to Emma Butler, data protection officer (DPO) at digital identity firm Yoti.
“This is not something you can leave to the lawyers to deal with and the rest of the company can carry on as normal,” she told a recent discussion about the legislation hosted by IT industry body TechUK.
“It is change management because there are policies, processes, technologies and cultures at stake, many of which you need to change and adapt,” said Butler, who is responsible for the three-year-old startup’s GDPR planning and keeping the 150 employee company on track for GDPR compliance.
The amount of change will vary between organisations because everybody is in a different business and stage of compliance, she said. While it may be fairly limited for some, it may be fairly significant with “quite an impact” for others because of all the personal data handling requirements introduced by the GDPR, she added.
However, Butler said organisations should view the GDPR as an opportunity to do information governance really well and identifying what is needed, rather than as a threat to business models and innovation.