Streamlining Compliance in a GDPR Landscape and More: Recap of CGOC London 2016

Streamlining Compliance in a GDPR Landscape and More: Recap of CGOC London 2016

At the CGOC event in London earlier this month, the fast approaching General Data Protection Regulations (GDPR) was of dominant interest for attendees.   No matter the session topic, whether blockchain, M&A or eDiscovery, GDPR would inevitably percolate back in to the discussion.

blockchain panelIn the US, Information Governance practitioners are aware of the importance of the GDPR and know they should start familiarizing themselves with some of its more onerous requirements. However, similar to the student who through circumstance finds himself with only one hour to complete a three hour final exam, European practitioners are in a rising state of consternation.   There is much to do in a very short amount of time and organizations are “scrambling”. One of the new developments and a promising first step we noticed was the increased presence of data privacy officers. They are in the unenviable position of converting the relatively broad principles in the regulation into the actionable tasks needed to make their organization compliant by May 2018, if not before.

New Data Privacy Officers find the paradox created by the intersection of security and the need for privacy rights the hardest to navigate. Even though it is slowly changing, currently in the US and most other countries, security will be paramount.  EU organizations must tread a finer line or risk unprecedented fines.

view from RS

Most organizations we spoke to revealed that they were still in the process of creating their Privacy Program Governance and a small minority had just started the assessment phase of the Privacy Operational Life Cycle. In either case, there is still much to get done and with the recent downsizing efforts of many large entities, privacy professionals felt squeezed of the tools and resources they need to accomplish their goals.

The CGOC has long touted the benefits of good data & information governance and many forward thinking organizations found the benefits well worth the effort and expenditure.  These organizations now find that their proactive work finding, organizing and governing their data will make compliance with the GDPR less burdensome than those, who for various reasons, sat on the fence.