The sometimes stately progress of the General Data Protection Regulation (GDPR) through the EU legislative process has led some commentators to believe that the regulation is unlikely to pass into law. The global head of data protection and cyber security at PwC, Stewart Room, says this is not the case: regulators are already regulating as if the new framework were in place, and businesses waiting for the formal ratification of the regulation before they take action are making a mistake.
In a recent blog, Mr Room commented that:
“It is more likely than not that the Regulation will complete its political journey and deliver new law.
“The real challenge for businesses is how to use the time that is currently available to them to make the best possible adjustments to their systems and operations for data protection so that they are optimised to meet the challenges of the new law when it comes into effect. Sensible businesses will be planning now. Neglecting the planning and adjustments simply on the basis that the pathway of the law is ‘uncertain’ is not an intelligent choice.
“Now is the time for businesses to move towards states of ‘Regulatory Reform Readiness’. The impact of the likely legal changes for their businesses ought to be considered and the gaps between their current and desired levels of legal compliance ought to be measured. From there, strategies for adjustments and business transformations can be developed, which deliver changes in measured, proportionate and effective ways.”
The easy route to GDPR compliance
Time may be limited, but all is not lost for EU businesses that are yet to prepare for the GDPR.
Implementing a best-practice information security management system (ISMS), as set out in the international standard ISO 27001, enables all EU organisations to meet their new legal obligations while streamlining their existing processes and creating greater business efficiency.
IT Governance has led hundreds of ISO 27001 implementation projects around the world, and our ISO 27001 Packaged Solutions provide fixed-price implementation resources and implementation guidance for all European organisations.