GDPR skills shortage – Not to be ignored: Part 1

December 11, 2017

GDPR is an enterprise-wide change programme, and suitable resources and budget need to be allocated.

There’s not just one single part of an organisation’s processes that GDPR will impact. On the contrary, it impacts every part (and arguably every member) of an organisation – IT, legal, marketing, sales – in nuanced, specific ways. While large organisations may have the resources to identify and address gaps in this whole GDPR ball of wax, small and medium-sized businesses often do not.

Meanwhile, there in the background, looms the punishment for non-compliance: 2-4% of turnover or €20 million (whichever is higher). Daunting Complexity + Massive Fines = Business Paralysis. In fact, a recent Collyer Bristow survey found that 20% of businesses have still not taken steps to prepare for the GDPR.

But it doesn’t have to be this way, nor should it be. Our clients have worked with us to jumpstart their GDPR compliance planning, starting with a readiness assessment.

Each assessment we conduct provides comprehensive insight into an organisation’s current, unique GDPR compliance picture and identifies the most pressing needs. We’ll identify areas of strength, as well as complementary talent and expertise needed to successfully meet and maintain an organisation’s GDPR compliance.

This assessment, usually done in 2-4 weeks, looks at four business areas:

  • People
  • Data
  • Technology
  • Policy and Processes

Why these four areas? Simply focusing on gaps in technology and security solutions represents only one quarter of the compliance puzzle. If someone leaves your front door open, it negates that fancy security system. Rather than investing in new technology, you may need to invest in education programmes for employees. Rather than rewriting data and privacy policies, you may need to focus on identifying what data you possess, why and where it resides. Therefore, we collectively need to see how all these pieces fit together and where they don’t. This follows the Information Commissioner’s Office (ICO) guidelines, which state, “it would be useful to map out which parts of the GDPR will have the greatest impact on your business model and give those areas due prominence in your planning process.”*

Only then will we make a recommendation, which includes clear roles and responsibilities, a critical path (and its accountability) and, most importantly, understanding and commitment from the entire organisation on what must be achieved and how.

Now that you’ve identified the skills you need, where do you find them? We’ll cover that in Part II.

* https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

Get in touch with SOLA Consulting to request your Readiness Assessment