Why 80% of organizations will fail getting ready for GDPR
Blog: Capgemini CTO Blog
EU General Data Protection Regulation (GDPR) compliance covers a lot more than the “by law” side of the legal matter. There are technology, process, strategy and marketing aspects to build into the picture. The downside for an organization that has not taken the right path to fulfill the GDPR requirements is the risk of non- or partial compliance, along with extraordinary cost and damage to the organization's brand.
In prediction 8 of its “Predictions 2018” report, Forrester foresees that organizations are weighing what it means for them to be either fully or partially compliant with GDPR. Forrester's prediction states that:
• 80% of firms affected by GDPR will not comply with the regulation by May 2018
• Of those noncompliant firms, 50% will intentionally not comply — meaning they have weighed the cost and risk and are taking a path that presents the best position for their firms
• The remaining 50% are trying to comply but will fail.
Forrester goes on to state: “This will be a fluid environment; any successful case against a well-known giant will change the risk/cost balance.” This is where the calculation lands on the agenda of the organization's executive board, and executive boards are planning accordingly to ensure the best position for their firm.
Forrester concludes its prediction by reporting: “The sleeper issue of 2018 will not be compliance but how consumer advocate groups use GDPR to prosecute their agendas by using the regulation’s “right to be forgotten” clause — exhausting companies’ resources and damaging their brands.” What this means is yet to be seen, but if Forrester’s prediction is right, an organization's main concern should be how to meet data subjects' expected interest in, and growing demand for, having their personal data protected, corrected and deleted upon request, and that those demands are met by all organizations. Naturally, there are other “by laws” that take precedence over data subject rights (e.g. legal and financial laws).
In the same report, Forrester makes another prediction: “Companies face increasing cyberthreats from hackers who seek to commit cyberwarfare or industrial sabotage. There is no rest for the weary: The same security, risk, and privacy teams battling hackers encounter internal pushback that security measures negatively affect customer experiences.” This prediction may not have been considered by the organizations that have weighed the cost and risk and are taking the path that presents the best position for their firms. It is far from certain whether the cost will stay within their calculations or exceed the organization's limit and lead to bankruptcy. Forrester poses the question: “But what if security investments directly enhance customer experiences and drive growth?” Could this perhaps be the solution for many of these organizations: instead of intentionally failing to meet GDPR in time, deciding to make an investment that ensures an ROI while also helping them on the path to compliance?
Forrester holds that in 2018 we will start to see security-for-profit measures driven by security, risk, and privacy teams with the support of their marketing and product peers. Central to this, they state, is identity management. Forrester says that “Security and privacy teams need to know exactly who is accessing what and resolve identities across entry points. They also predict that marketing can use that same capability in the martech stack for personalization — transforming a security mandate into a CX enhancement.” A martech stack can, in this case, be many different technologies from a number of different companies that, combined, can meet an organization's compliance needs. It can also be viewed another way, as “a Cybertech stack”, where organizations make use of different technologies from several companies that together help them meet the challenge of becoming GDPR compliant.
Forrester concludes: “10% of firms will crack this code and gain new and powerful investment leverage.” They mean that 10% of firms will translate security investments into company profits, and one interpretation of this statement could be that having many companies’ services and support will be a strength in every organization. The service provider that has the broadest and strongest market partnership within cybersecurity can best help organizations, and Capgemini is one. Examples of technologies that we provide, and that will simplify many aspects of GDPR for any organization, come from the key concepts: consent management, data discovery and data erasure techniques, processing limitations, protection of minors, right to data portability, compliant management and right to be forgotten, to mention a few. On the key implications side, we offer help with processing record management, control and monitoring, technology and organizational measures, privacy by design, cross-border processing, data breach notification and privacy impact assessment, as examples. The best way forward is to embrace the help and capabilities that are available to realize the journey to GDPR compliance.