My colleague in the next office has a sticky note on her monitor which reads “Nothing is more permanent than a temporary solution.”
In researching the source of this quote, I’ve found it attributed to a) a Greek proverb, b) a Russian proverb and c) Milton Friedman (although his statement applied to government programs). In previous GDPR-related blogs we have talked about what the General Data Protection Regulation (GDPR) is, its relevance to our customers, what steps need to be taken now to be compliant by the May 25, 2018 deadline and how Software AG can support compliance efforts. Whatever the source of the quote, I’d like to use this blog to caution against viewing GDPR compliance as a one-off project – a temporary fix, so to speak.
Yes, the challenge is very big and very immediate. One is tempted to take just tactical steps towards a “minimum viable compliance level” for GDPR. Yet, we are also acutely aware of the relevance of the saying “Nothing is permanent except change” (Heraclitus, Greek philosopher) to the business world we live in. The rapid and constant change of business means that new business processes, data and systems are continuously introduced. Fast-paced change requires clear policies, a stable process foundation and a current and reliable information base on which to base decisions.
This is particularly important when considering the GDPR mandate of “privacy by design.” Designing new business solutions must be informed by knowledge of not only the current state but, more importantly, planned changes. This will avoid designing a solution targeting a process that – for GDPR compliance reasons – will be changed, personal data that won’t be available or will need extra security protection, or applications that can’t be used due to GDPR limitations on cross-border information exchange. Solution design, i.e. IT planning, needs an ERP-like approach: bringing together the relevant people, processes, tools and information to create an information-based, process-centric information platform on which to base decisions. It stipulates a uniform methodology that is shared across stakeholders, which is key to collaboration and enablement of decision-making.
Too much work for just one regulation? You can be sure that an increase in digital business, more big data, more social media and more Internet of Things will bring with it more regulation and legislation on handling personal data. If you do GDPR right, it could be the poster child for all of your personal data protection and, for that matter, all of your data protection. You’ll have an established and proven methodology for protecting IP, competitive information, strategy planning and more.
So instead of taking an “it’s all Greek to me” attitude towards GDPR, move from compliance to commitment (thanks, Elizabeth Denham) by building a sustainable data protection foundation for your business.