organisations must ensure they have understood what needs to be done to deliver the desired outcomes of their programmes aimed at achieving compliance with the EU’s General Data Protection Regulation (GDPR).
With just one month to go before the GDPR deadline, organisations must ensure they have understood what needs to be done to deliver the desired outcomes of their programmes aimed at achieving compliance with the EU’s General Data Protection Regulation (GDPR).
Stewart Room, data protection lead at PWC, said: “That is what the GDPR will be about in the live environment. So, when programmes are tested by unhappy employees, unhappy consumers, privacy advocates, the media, regulators and so on, they are going to test against outcomes, such as delivering a greater degree of confidence in the mind of the citizen that an organisation is being open and transparent,”
Room warned that potential problems could arise because personal experience has shown that testing of outcomes is “not a natural, instinctual” part of this work, with organisations tending to test and measure “outputs” of the various elements of their GDPR programmes, such as the publication of privacy notices, rather than the outcomes they are trying to achieve, such as increased trust and confidence.
He said: “With just 30 days to go to the compliance deadline of 25 May 2018, organisations should be focused on the minimum viable product that they should be delivering in a month’s time to achieve the necessary outcomes,”
Room believes organisations should be considering if they understand what their first line of defence would be and asking themselves if they are confident that they have understood the nature of the minimum viable product (MVP).
He added: “If an organisation does not have a minimum viable product as a first line of defence against adversity – whether that is a data breach or a customer wanting marketing opt-outs – the business is arguably ‘naked’ from that moment on.
“The minimum viable product is the thing that gives us the best line of defence against adverse scrutiny, which should be the ‘outcome’ of any GDPR compliance programme.”
To measure the ‘outcome’ of any programme, Room said organisations need to have a methodology so that organisations can be confident that all the outputs “knit together” in a way that successfully delivers the desired outcome.
UKFast's GDPR-optimised Hosting solution gives you flexibility, scalability and control, backed by expert UK-based support, available 24/7/365.
Call 0800 953 9915 and speak to a UKFast hosting specialist to discuss a GDPR-Optimised Hosting solution today and receive a FREE quote
Return to internet news headlines
View Internet News Archive