GDPR – who cares?

Today’s guest post is from Tony Bridger, an experienced provider of Procurement Consulting and Spend Analysis services across the Commonwealth (as well as a Lean Six Sigma Black Belt) who has been delivering value across continents for two decades. He is currently President of UK-based TrainingWorx Ltd, a provider of a wide range of Procurement and Analytic business training programs (inc. GDPR, spend analysis, project management, process improvement, etc.) and focussed short-term consulting solutions. Tony can be contacted at tony.bridger@data-trainingworx.co.uk.

The countdown has begun!

On the 25th May 2018, the European Union GDPR (General Data Protection Regulation) goes live. However, it is unlikely to be introduced with fireworks or an Olympic-sized ceremony.

All 27 European members will have a GDPR supervisory body implementing on that day. As it’s an EU Regulation it has zero capacity for change in member countries. For those hoping that Brexit may dilute the Regulation – think again. This is one Regulation that governments are unlikely to attempt to repeal or amend in the short term.

Elizabeth Denham, Commissioner of the UK-based Information Commissioner's Office (ICO), said in a speech in 2017: “There’s a lot in the GDPR you’ll recognise from the current law, but make no mistake, this one’s a game changer for everyone”.

Like many legal changes of this size, GDPR has spawned a whole new range of enterprises and commercial activity to help organisations manage the change within the EU. However, will it have much impact on day-to-day business, and is anyone doing much about the impending change? UK Government:

Figures from the end of 2017 showed that more than 44% of employers were not aware of the GDPR, while a government study in January 2018 revealed that only 25% of businesses which had heard of the regulation had made any changes to their operations. (Source: Business Matters)

The ICO in the United Kingdom is certainly preparing for the implementation of the Regulations. A cursory glance on the job boards reveals a constant stream of recruiting advertisements for staff.

Clearly, they are being resourced for the change – and see work to be done. The UK ICO is clearly committed to ensuring compliance.

However, what is more alarming about the statistics on UK preparation is that many suppliers outside of the EU are going to be directly impacted by the legislation. It is likely that many suppliers will have little or no cognizance of the impact of this change.

The fines for a breach can be staggering. For companies outside of the EU, their geographical location may mean little in terms of evading litigation. It may also exert direct pressure on supplier contracts if they seek to provide goods or services into the EU that involve privacy data. Elizabeth Denham’s quote implies everyone.

It may also change the competitive landscape, as those suppliers outside of the EU who provision for the GDPR may be perceived as a reduced-risk implementation option.

What do we think will happen? Maybe something, maybe nothing. If we could predict with any accuracy, we would become wealthy overnight.

Over a series of simple posts, we will look at some of the core building blocks of the Regulation and perhaps point out where sourcing professionals need to stop and think about their own operations. We would also suggest that no one wants to become the precedent case for a breach.

Like many elements of business, we aren’t a legal firm. If you think you are going to be impacted by GDPR, we strongly recommend that you seek appropriate legal advice.

Thanks, Tony.