A GDPR Approach – Makes You Want to Laugh or Cry?
I happened to read this article about General Data Protection Regulation (GDPR). Lots of talk about GDPR but not a lot of action. So in terms of action, when do the worker bees start to make the required changes? Ours have started making the changes for clients. Anyway, back to the article. The author offered up the following solution: just stop doing business with the EU and the UK. Hmmm, I was left speechless for a few minutes at the rather novel idea.
I think many readers may think I just misunderstood the article. I did not, and I will share with you the exact words. “One way to avoid the cost of compliance, of hiring a DPO ($150,000), building in controls, creating a 72-hour breach notification ability, is just don’t collect data on EU residents. Make them click a button asserting that they do not reside in the EU before installing. Or use geo-location to block them altogether.”
Well, that is a unique way to resolve the GDPR challenge. Where I struggle with this bombshell is that it is cutting off your nose to spite your face. Why on earth would you limit your opportunities for sales and growth?
The author’s attitude seemed to imply that we are, in a way, punishing the EU and UK for implementing such an outrageous law. Ahem, again I say, what about the loss of revenues to the companies? Read it for yourself. “This means the EU will be cutting itself off from the latest and greatest technology. Want to install the newest secure communications app? Sorry. How about that new business app for managing contacts, or accounting? Not available in the EU. That new VR/AR game that is taking the world by storm? Sorry, only people outside the EU get to experience it.”
You know what I think? Almost every GDPR mandate should already be in place at all companies – large and small. It is ridiculous that the majority of companies can’t find even a smidgeon of information about a specific client. What do they do all day long? How do they do analytics? How do they determine the best sales and marketing approach for a specific product? How do they function?
And one more item before I end this. I believe that the US should have an equivalent law. That statement would probably put the author in a tizzy. It is comical or sad, depending on how you look at it, that the GDPR is causing all this commotion about the inability to track individual information from beginning to end. Have you started addressing GDPR? Would you take this approach? Please say No.
Join us for our Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance webinar, on Wednesday, March 14. This session explains not only the ramifications of General Data Protection Regulation (GDPR) but also how to address the compliance issues. It examines the tactical aspects of the solution, little-known stumbling blocks, and different tools that automate changes and provide an audit trail for compliance.