There is no doubt for many 2018 will be the year of data privacy, driven, in no small part, by the impending EU General Data Protection Regulation (GDPR).
In my opinion GDPR has many positives elements to it, it’s the opportunity for businesses to look at how they manage, secure and retain the privacy of data across their organisations and for too many of us, this is something that’s long overdue.
GDPR (and other regulations) however are not just a good idea, they are something that we need to comply with and May 25th 2018 is the date when GDPR becomes enforceable.
With that in mind, what are some of the changes that we should expect? what things are no longer going to acceptable practice? and what are the things really that we should have in place by that date?
This week we look at exactly that topic as I’m joined by data privacy expert and attorney Sheila FitzPatrick, founder of FitzPatrick and Associates and a globally recognised data privacy expert with over 35 years’ experience in the data privacy field.
Who better then to ask and get some advice from on some of the pitfalls and common misconceptions of data privacy and, when it comes to GDPR, what are some of the basics that we really need to have in place by May 25th 2018.
During this episode we discuss a range of issues, we look at where we should start and why that place really shouldn’t be technology, Sheila also touches on why it’s important to be weary of “GDPR” experts selling you their compliance technology.
We discuss some of the common misconceptions and mistakes that organisations are making in their business compliance work and how this often leads to companies spending a lot of money unnecessarily, we also look at why focusing on GDPR alone can be a big problem in itself.
Sheila also explains why security is not the answer to data privacy and why it’s important to make sure you understand exactly why you have the data in the first place, before you worry about “securing” it.
We explore where to start on your compliance journey by understanding your current policies and procedures and what they are based upon, are those procedures clear and transparent and then the importance of GAP analysis, so you can understand what work is needed to meet the requirements of GDPR, or any other relevant privacy regulations to your organisation.
To wrap up we look at the things organisations are currently doing with their data that come May 26th 2018 will no longer be acceptable and why it will be crucial to ensure your business compliance plans are fluid and capable of responding to the ever changing data landscape, May 25th is most certainly not an end date for GDPR.
Lastly, I ask Sheila whether she has advice for those that think GDPR won’t affect them and she does!
Sheila, as always, shares some great insights into the world of data privacy and compliance and does so with her usual enthusiasm for the topic.
If you want to hear more from Sheila on these subjects, Sheila has appeared on Tech Interviews a number of times before and those episodes can be found here;
Myself and Sheila also recently appeared on The Cube discussing GDPR and data privacy, you can find that show here https://www.thecube.net/netapp-insight-berlin-2017/content/Videos/t3wRSr6LDJbTY6rAD
If you want to contact Sheila on line you can find her on twitter @sheilafitzp.