PwC’s legal team has released a new paper on preparations for the GDPR, finding that technology is often the missing link. The paper covers the technology reasons behind why data protection law exists; transitioning to GDPR & the tech it requires; and what organisations should be doing now.
The principal contention of the White Paper is that data controllers and processors who are engaged in the design, build and delivery of GDPR programmes should re-examine and rebalance their priorities, in order to deliver the best possible technology environment for personal data before the GDPR comes into force in May 2018.
As part of this rebalancing exercise, they should:
- Critically examine whether they have enough time, space and resources in their programmes to deliver what is required in their technology stacks by May 2018. As part of this process they should consider performing a technology functionality gap analysis, whereby the operational performance of technology is tested against the requirements of (1) the data protection principles, (2) the data subject rights and (3) the programme build requirements described in the GDPR.
- Perform a risk and cost-benefit analysis, whereby the operational risks to personal data and the legal and reputational risks to the controller or processor of data protection failure are weighed against the feasibility issues associated with delivering technology change, such as the lead time required to source, procure, install and test new technology. Central to this exercise is an understanding of the nature of the technology market and the consensus of professional opinion on what ‘good’ looks like.
Want to know more? You can download the paper here: http://www.pwc.co.uk/legal/pdf/technologys-role-in-data-protection-the-missing-link-gdpr-transformation.pdf
Or call PwC cybersecurity partner Stewart Room (pictured) on 07711 588978.