As I’m writing this text, there are 62 days, 11 hours, 24 minutes and 40 seconds until the provisions of the EU Regulation 2016/679 will come into force…I stopped from the rush of the day and I’m thinking.
Around me there’s horror, everyone is freaking out, there are less than two months until the GDPR “shock”. A lot of events on the market, tons of ink used, courses for everyone’s pockets, certifications and a lot of experts trained overnight, overall panic.
From all the information available on the market a few conclusions are drawn:
- the position of the Data Protection Officer is in great demand and
- the fines recommended by the regulation will bury the companies definitively.
Without mirroring these provisions of the Regulation into internal legislation up to this point, could we just imagine how the future will look like?
I am a big company, I process a lot of personal data, but I’m also a recruiter. I hear from Mary that John is interested in a position in my company and I’m thinking of recruiting him. I write a nice email and I invite him to the interview. But wait! I wake up with the authorities at the door because John was angry that I have contacted him and not only that he wants to use the right to be forgotten, but he also wants us to pay for the imprudence of contacting him without the precious consent.
What should we do? Remove the evidence of processing, push the DPO from behind to describe the organization in eloquent terms, that it has implemented all the necessary procedures and complies with the provisions of the regulation.
Let’s let our imagination fly a little more…maybe we can find a solution. We can move our work outside the European Union. But what do you think? If we process personal data of individuals in the EU, we turn back from where we left. Can we completely avoid the EU?
Another idea is struggling to the surface. It seems that we no longer want clients as we are afraid of fines, we no longer want to process data, we want to live outside the GDPR bubble, somewhere on an Asian beach.
Wake up, we still have 2 months until the “shock” and 61 quiet nights of sleep, if you set aside 10,000,000 euros for a possible fine! The rest, let’s take a look at the processed data, deal with data process mapping, and hunt down the Data Protection Officer, who, honestly, I think will be like the Golden Fleece in less than a month.
Those of you, with infinite possibilities, you can relax in some warm destinations without worrying about data processing, administrative fines, audits, data protection mapping, data protection officers…For the typical entrepreneur… there are less than 62 days left.
The situation is not so tragic, the text is a pamphlet, so please treat it as such.