Many organisations around the world do not have a coherent plan for the GDPR.
Many organisations around the world do not have a coherent plan to prepare for compliance with the EU’s General Data Protection Regulation (GDPR).
This is the opinion of PricewaterhouseCoopers (PwC), which has global insight into how organisations are preparing for the GDPR.
Global head of cyber security and data protection legal services, Stewart Room, said: “The overriding impression is that entities are tackling the GDPR without vision for their desired end state.
“The concepts of vision, strategy and structure are part of classical approaches to business transformation, where you develop an image/goal for your desired end state, then you can put in place a strategy to deliver that vision and the structures through which this will occur, centring them around people, processes and technology.”
He said ideally an organisation’s vision should take into account its economic goals for data and its risk position – which could include legal non-compliance and delivery risk.
Room added: “For example, if an organisation is tackling the GDPR for the first time now [with just 13 months to go], it may find that the skillsets are already sold out and they may not be able to get the people they need to support them, so there is a delivery risk.”
Room warned that if organisations get lost in a legislative compliance approach, they may miss the big areas of real risk. He believes the best approach is for each organisation to think through exactly what the GDPR means to them.
He said: “The absence of a vision for the GDPR is the major problem that needs to be addressed, not the technical nuances of legal interpretation.”
Room is concerned for small and medium-sized enterprises facing the challenge of GDPR compliance, and said they typically need much more support than they can acquire internally.