Go from guesstimate to estimate of GDPR impact on your business

0

Over the past few months, I have travelled extensively in Europe and other regions talking to partners and clients about how they are tackling the demands of General Data Protection Regulation (EU GDPR). What I have learned is that the level of readiness, coming up on a year to the enforcement date of the regulation in May 2018, varies widely in different countries and in different regions.

Now, we would like to ask your help on mapping out the progress on EU GDRP readiness, but first a bit of background.

Challenges and the way forward

I have been rather impressed to see the progress in some of the Southern European countries and somewhat concerned about the timeline for many companies and organisation in my own native region, the Nordics. At the same time, I fear that some companies that are headquartered outside the EU but have extensive business dealings inside the EU are underestimating the challenges they may soon face.

However, the errand of this blog post is not to join the choir of wolf criers although the challenge is very real. I really want to impress the message that there is a way forward and it may be simpler than some organisations fear. You just have to start the right way and start in a limited format.

Building from both ends

Many have started their journey to EUGDPR compliance at the top executive level, involving their legal departments and sometimes, external consultancy, and laying down the strategic map is obviously an important step. Getting to EUGDPR compliance within the deadline must involve both a top-down and a simultaneous bottom-up approach. It is rather like the principles of modern bridge building in that if you are trying to span a wide gap – and for many organisations, the EU GDPR compliance gap is quite a gap – you need to start building from both ends and have the ends meet in the middle. Hoping to pass boards forward from one end to the other is likely to end poorly. Therefore, it is essential that IT project managers do not wait but start scoping how the IT department will handle the requests for actual documentation or deletion of personal data which are a cornerstone of the directive.

Limit your scope and heighten your impact

Limiting the scope of the EU GDPR readiness project to make it possible to estimate the true cost in time and other resources entails getting from a wild guestimate to a real estimate of the workload. Here, I strongly urge program & project managers to make an inventory search of a limited segment of the stored data and use the results to estimate the efforts needed to map everything.

For many, it will be a relief to see that once the structure of the work is in place, it is not necessarily a very demanding task. We at SAS Institute recently did an inventory check for a client in the B2C space and they had their entire customer database inventoried in under 10 minutes, once the procedure was set up correctly.

Take the survey and benchmark your organisation

This brings me back to the original request: Instead of crying wolf, we at SAS Institute would like to help create clarity and share best practise. So, I am inviting you to join our survey on how your peers are preparing.

 

 

For your participation, you will receive a copy of the report to help benchmark your organisation. Also, we will send you a copy of the book "The New IT" by Jill Dyché (limited number of books on stock).

I hope for your participation – we will all learn a lot. Sometimes, the only thing we have to fear is indeed fear itself: Knowing where you stand and the scope of the workload in front of you can save you many sleepless nights.

 

Tags
Share

About Author

Casper Pedersen

Thought Leader - Big Data

Thought Leader - Big Data - SAS Denmark Committed to achieving and exceeding demanding targets and business objectives while remaining focused on providing an exceptional standard of service.

Leave A Reply

Back to Top