GDPR (DSGVO) is big. Really big. You just won’t believe how vastly hugely mind bogglingly big it is. I mean you may think it’s a long way down the road to the chemist, but that’s just peanuts to the GDPR (DSGVO) “for organizations that are not already fully complying with the Directive it is replacing”.

The currency of Trust: The “WHY” of GDPR

“74% of consumers would switch their bank or insurer in the event of a data breach”

Source: Capgemini

Companies should keep in mind that consent is not always required, and there may be another lawful basis for processing data that is more appropriate.

For the last three years, since the moment the European Parliament introduced the new GDPR regulation, companies should have taken action.

But most companies did not even think about implementing this within their company and waited until the very last moment.

Now, of course, they are way too late and are putting their company at risk of getting a fine for not implementing the GDPR regulation.

Most companies I am aware of are not even ISO 27001 certified, nor ISO 27018 & 27019 certified for cloud. Besides this, some of them are telling all their customers that they are compliant, but at the back door construction is still ongoing, so they are basically building a façade for the public and auditors.

I do not think that the authorities will do any audits this year, but there will be audits as of the first of January 2019, and you had better believe me that there will be a lot of penalties written for those who do not have the GDPR (DSGVO) implemented.

The risk you are taking is so dangerous, jeopardizing your company’s vulnerability, that it is really not worth it at all.

In my opinion, the GDPR (DSGVO) is just another way to gain more income for the Government. I do not understand why nobody is saying this out loud when it is the full truth and reality.

We have to do something about security and privacy protection, but look also at the other side of the coin now.

Implementing this regulation is also costing your company loads of time and money and, yes, it is also good for employment, but that is the other side of it already.

The benefit for the Government is to collect all the penalties, which will be millions of euros and are actually real profit for them. Now ask yourself the following question: what will the Government do with all this money from these penalties? One thing is sure for me: they will not use it to make your company more secure or protected!

Then, of course, there are all the companies that are offering you the best training for GDPR (DSGVO); at the moment there is officially NO training for this on the market or stated by the European Union Parliament. The only thing the parliament introduced is the regulation with its corresponding articles, but not how these have to be implemented.

For the DPO and DPA there is no official certification in place, which should already have been done by now by the European Union Parliament, and which they really failed in a terrible way to do.

By the way, do you already have a DPO within your company?

Now do not think that I am against the GDPR (DSGVO); I am only thinking from the perspective of implementation and what things have to be done to get really compliant.

I saw that there are a lot of people sitting in the wrong places who do not really care about security or even the GDPR (DSGVO); the only thing for them is creating more revenue, not the maturity of the company. These kinds of people are sitting in the wrong place and need to be educated ASAP because they are the biggest risk within any company.

I have seen this behavior within senior management (Vorstand) in banking, insurance and telecommunication firms all around Europe. I experienced the lack of interest concerning security, vulnerability and GDPR (DSGVO) at one of the biggest insurance companies in Dusseldorf, Germany. And this was for me really the proof of how senior management is handling the priority for implementation of security, vulnerability, GDPR (DSGVO) and maturity of the company, which means growth.

If you are reading this as an employee, then ask yourself the question: do I know what data is being held about me by my employer? And if I asked to see it, how quickly and easily could it be provided, and would the format be clear and usable?

All in all, I think it is the responsibility of the CEO and senior management (Vorstand) to wake up and start taking the right actions, but at this moment I am sorry to say they are way too late for this now…

Well, if nobody takes care of this, then you already have your answer, and I wish you good luck for the near future, which is closer than you might think…

