With just weeks to go before the compliance deadline of General Data Protection Regulation (GDPR) on 25 May 2018, will your organisation make it over the line, what are the toughest challenges of getting GDPR right, and what should you do if you are worried about being compliant in time?
To answer these and other questions, A-Team Group hosted a webinar dedicated to the countdown to GDPR. The webinar was moderated by A-Team editor Sarah Underwood and joined by Garry Manser, head of data governance at Visa; Sue Baldwin a vendor management expert and independent consultant; and Tudor Borlea, product specialist at Collibra.
On the upside, an early poll of the webinar audience showed 6% of respondents completely ready to meet the GDPR compliance deadline, 52% expecting to be ready in time and 42% not expecting to be ready but able to show intent if challenged by regulators. Referencing the poll, Borlea said financial institutions are used to regulation so are managing GDPR well and should be in a defensible position by 25 May. Baldwin noted unfinished final guidelines from the Information Commissioner’s Office (ICO) and the EU detracting from the process of getting completely compliant. We’ll reflect on how the GDPR deadline day goes in our next webinar covering the regulation on 29 May.
At this stage, outstanding data management challenges of the regulation identified by a second audience poll are, in descending order, managing data across silos, ensuring data is accurate and updated, setting alerts for data privacy breaches, identifying personal data, and providing data access for individuals.
The speakers agreed that legacy systems and data silos are significant challenges to compliance with this and other regulations, and noted the need for data remediation and culture change to help get GDPR right across the organisation.
Discussing what financial firms that won’t be ready for GDPR should be prioritising now, Manser said the key thing to do is cover consent by using privacy notices on your websites that are GDPR compliant and describe how personal data is used and stored, and offer an option for data subjects to opt out of personal data being used by your organisation.
The panel warned against completion celebrations on 25 May, noting that this is only the start of a long journey to maintain GDPR compliance and transform early tactical approaches into strategic solutions. It also warned that there will be large numbers of ambulance chasers asking for access to their data just because they can.
If your tight for time, worried about compliance and concerned about the huge fines of non-compliance, make sure you can show reasonable levels of intent to be compliant on the big day and look forward to the benefits of a robust GDPR solution including improved reputation and rising profitability.
Listen to the webinar to find out about:
- Approaches to compliance
- Outstanding challenges
- Last minute priorities
- Data conflicts with MiFID II
- Benefits of compliance