In the final post of our series aimed at debunking myths around the General Data Protection Regulation (GDPR) that comes into effect today, I invite you to exhale.
Myth #4: You must be 100% compliant by 25 May
Most deadlines are like train announcements: Useful information for the periphery of your mind. Others are like ticking time-bombs in the collective consciousness: Cinderella at midnight, Y2K, and end-of-world prophecies...
Stories about the GDPR deadline have certainly placed it in the latter category. But while achieving 100% compliance by 25 May was a goal for some of us, the preparations towards it have unveiled something else, and probably more profound.
Unlike a tick-the-box exercise or one-time stress test, GDPR compliance is in reality a journey, not a destination, making it all the more significant. Although you should have in place a robust data privacy program by now, 25 May signals more the start of transformative corporate behaviours around data protection and data security, than a day in one’s life. It announces corporate change, and on a large geographic scale.
GDPR’s real value resides in ever evolving and adaptive ways of ensuring good data protection practices, on-going compliance and continuous improvement.
So don’t think it stops here. 25 May is the day to look ahead and forward, to continue building a framework, and promoting a culture of privacy within your organization.
Privacy matters; today, tomorrow and for the foreseeable future.
Blog Author: Christel Cao-Delebarre, Global Privacy Officer, CWT