Blog > May 2019 > GDPR: Experts Weigh in One Year Later

GDPR: Experts Weigh in One Year Later

This time last year, all eyes were on the May 25th deadline for the General Data Protection Regulation (GDPR). The GDPR was one of the most extensive data privacy regulations to date—and 85 percent of organizations were not prepared to comply. Companies that had put off modernizing their information management strategies were worried. Some did not know where to start. In response, ASG wrote a blog post, “Life with GDPR,” outlining the capabilities that companies would need to reach compliance.

One year later, organizations have been forced to revamp their information management strategies to comply with the GDPR and avoid fines. To understand how the regulation informed transformation, we asked IT executives what lessons they learned about information management since the GDPR went into effect. Here’s what they had to say:
 “If there is one lesson that every organization has learned about information management this past year, it’s that our hubristic belief in our own systems and data management strategies was very misplaced. The last 12 months have been an exercise in re-evaluating timelines and learning hard lessons about legacy (and sometimes, not so legacy) data. They have also taught us the limits of organizational prescience, as systems that were built without the concept of data deletion, anonymization or pseudonymization have had to be re-engineered to handle the new state of affairs. Those organizations that were well along the path of GDPR systems compliance when May 25, 2018, hit had a head start on the rest of us, but everyone had to contend with the same issues: redundant data, legacy storage media, identical data stored differently in different tables, personal data used as part of a primary key, ‘forgotten’ data that magically reappeared, departmental data siloes and many more. GDPR Year 2 brings with it a much more ‘realistic’ assessment of what can be achieved and how systems should be constructed moving forward."

 Ian McClarty CEO and president of PhoenixNAP Global IT Services

“The main thing about GDPR implementation is to change the focus of all IT security ecosystems from corporation-focused to customer-focused. It required a change in the processes across all our departments.... You should inform every person in your company about GDPR implementation: when, how and what you’re going to do, as well as the most important—why? At the start of the implementation process, we led a series of workshops and knowledge sessions for different teams, where all the complex requirements and effects on their work were explained. If you want GDPR to be implemented properly, it’s important that everyone in the company knows the effect it has on her or his work.”
 — Aleksandr Maklakov, CIO at Kromtech

“The past year has been a year of fluidity concerning information management. In the time that GDPR went into effect, we have expanded our core business principles of building trust and establishing transparency with how we organize, store and use the data acquired through iterative consent. As we continue to honestly and thoughtfully view consent data as an insight into an individual, we deepen the breadth of the relationship between the company and the consumer. It is through this deeper relationship that one can improve customer acquisition, retention and satisfaction."

 —  Alan Price, CTO at Vision Critical

“Over the past year, every industry has been forced to understand what ‘data privacy’ actually means. The last twelve months highlighted to consumers the failures and roadblocks companies face when implementing a data protection strategy. For example, the regulation failed to consider how to handle privacy debt, which refers to the mass of personal data that companies had collected before the GDPR, which now loom as a liability. Successes of the regulation, however, have had an even bigger ripple effect. From increased breach reports to technologies and platforms being designed with privacy in mind, the GDPR has had a positive impact on increased consumer privacy. The most impressive accomplishment of the GDPR, however, has been its role in kickstarting the data privacy awareness revolution. From the introduction of the California Consumer Privacy Act (CCPA), to the reconsideration of the Children’s Online Privacy Protection Act, the first year of the GDPR put the wheels in motion to create a globally safe, secure data landscape.”

 —  Rob Perry, vice president of product marketing at ASG Technologies

After one year with the GDPR, organizations know this for certain: compliance is not about one deadline. It is an ongoing practice that requires a comprehensive information management strategy and the right tools to achieve. If you are still on the road to compliance, visit this webpage to read ASG’s GDPR handbook and learn how our information management solutions can support your initiatives.
Posted: 5/24/2019 8:40:07 AM by Jessica Hohn-Cabana - VP, Marketing
Filed under :compliance, data governance, data regulation, GDPR