GDPR for the CIO: Data protection is about more than GDPR compliance

If you approach GDPR as if compliance is all that matters, then you’re bound to fail – data protection should be at the heart of business strategy

Unless you’ve been on a retreat to outer space, you may have noticed a bit of noise about the European Union’s (EU’s) General Data Protection Regulation (GDPR).

It’s everywhere across the industry, with the security sector prominent in promoting the fear and a whole plethora of newly self-proclaimed experts coming to the fore.

Apparently, the world and its mother can make you GDPR compliant, at a variety of costs, while delivering a variety of value – if any at all. In every aspect, it is all about compliance, with the majority of noise from organisations being about the need to comply with GDPR.

If you’re focusing on compliance then you are likely to be ineffective, but maybe you will manage to tick a few boxes along the way. You might get a feeling of being “fully compliant”, but even then it is only a point-in-time view.

Of course, being compliant with the regulation is a good thing, but it does not protect you from a breach of your data, nor the business impact a breach would have. There is no evidence to support the view that being compliant will reduce the chance of a data breach.
