GDPR: A framework for better security and privacy or another consultants’ picnic?
People of a certain age in the technology sector are likely to remember the Millennium Bug. If you are not aware (or have simply forgotten!), it’s worth a quick history lesson…
When programmers were designing computer systems in the last decades of the 20th Century, they mostly used a two-digit year format. Lots of legacy systems were still in use as the year 2000 (Y2K) approached. At midnight on 31/12/1999, the two-digit year would roll over from ‘99’ to ‘00’ and no one could really predict what would happen. Isolated, discrete systems were one thing. What about interconnected systems? What about systems that controlled major infrastructure?
To try to avert Armageddon, entire armies of programmers were retained as consultants (many on really great hourly rates!) and dispatched to head off a global meltdown by retrofitting four-digit year formats to systems. Despite this, even as the rollover date approached, there was a lot of uncertainty about what would actually happen…
Well, the world survived the Y2K rollover pretty well. Air traffic control systems didn’t drop planes out of the sky… Nuclear reactors didn’t go haywire… Coffee machines carried on dispensing caffeine in the required doses to the bleary-eyed who were on standby that night in case things went south… And Windows carried on being Windows with all its bugs and foibles.
The fact that nothing really went disastrously wrong led to the Millennium Bug being interpreted by some as a bit of a red herring and characterised as a ‘consultants’ picnic’ – something of a job creation exercise by the IT industry.
The GDPR comes into force on 25th May 2018. The European Union General Data Protection Regulation (EU-GDPR) is being adopted in the UK and promises a new era of better privacy for individuals and IT security for organisations of all types. Even though the UK is set to leave the EU, the UK government is writing GDPR into law. This is vital because unifying IT security and privacy standards facilitates cross-border exchange of goods and security information.
However, there are some that suggest GDPR could create a situation akin to Y2K. Will GDPR really create better security and privacy or is the entire project simply the lofty (and unworkable) ideals of legislators which creates another consultants’ bonanza for the IT industry?
There is little doubt that GDPR has boosted the recruitment of those with data management and protection expertise. The mechanics of becoming compliant with the GDPR standard require a significant amount of auditing and analysis to identify gaps and understand how to close them to ensure organisations meet the requirements. And it’s not just permanent hiring that’s experiencing an uplift.
GDPR consultancy is a value-added service. Googling ‘GDPR services’ gives you “About 8,710 results”. Small and mid-sized companies in particular, without the budgets to appoint their own GDPR project leaders, require outsourced GDPR services. However, larger companies with more complex systems and infrastructure may also require assistance from external third-party experts.
Tech vendors are making hay while the sun shines too! Software applications to automate GDPR-related tasks such as auditing and encryption are now readily available.
There is no doubt that GDPR is an ambitious project. It seems well intentioned and deserves to succeed. Perhaps the most important distinction between the Millennium Bug and the advent of GDPR is that there is no countdown to a final date, no 31/12/1999 where we will see straightaway whether the project has succeeded or failed. GDPR is going to produce a long tail of results where absolute success or failure is more difficult to pin down and is only revealed over time.
ETZ is working right now to make certain our recruitment back office solution fully supports GDPR. It is important for recruitment firms to understand that they cannot offload responsibility for GDPR compliance on to external IT service providers.
Every business will be held directly responsible for meeting the regulatory standard. Recruiters need to actively engage with all technology suppliers to ensure all IT systems support compliance. If you want to find out more about ETZ and GDPR, don’t hesitate to contact us.
Photo Credit: European Union Flags courtesy of Thijs ter Haar / Flickr