Today’s guest post is from Tony Bridger, an experienced provider of Procurement Consulting and Spend Analysis services across the Commonwealth (as well as a Lean Six Sigma Black Belt) who has been delivering value across continents for two decades. He is currently President of UK-based TrainingWorx Ltd, a provider of a wide range of Procurement and Analytic business training programs (inc. GDPR, spend analysis, project management, process improvement, etc.) and focussed short-term consulting solutions. Tony can be contacted at email@example.com.
It had to happen. In fact, almost inevitable really.
Within a week of the GDPR being implemented, the news story broke.
Without access to the full article on the UK Daily Telegraph Premium, it is difficult to assess the details of the breaches.
However … the response from a Commission spokesperson suggested that:
“The European Commission is not subject to the strict new data protection law that it has imposed across Europe”.
Well, no surprises there. Given no published EU Commission accounts and constantly changing legislation it does appear somewhat Orwellian.
Ironically, the approach that many EU member state governments have deployed specifically rules them out of breach fines. The Irish government being one. (Source)
There is some logic in this approach.
It makes little or no sense to fine public bodies –- after all, they will pay the fine, reach a point in the annual budgeting cycle where they have a significant deficit –- and be topped up by central government. Take funding from one hand, pass it back with the other.
The United Kingdom has chosen not to follow this option — yet. However, one could predict that it will not take long for prosecutions to occur given government departments track record of personal date and cyber security breaches (within the National Health Service for example).
Not much of a deterrent and a massive public cost to prosecute and collect a revolving door fine.
Like much legislation the EU creates, it is clumsy, lacks detail and confusing. But it’s the law.
Taking a far more cynical approach, the GDPR appears to be legislation that is a Tax Collectors dream ticket.
There is the pretence of “protecting the rights and freedoms of EU citizens” –- whereas the reality is that it is a foolproof way of collecting what is essentially a data-tax from businesses for breaches.
A classic case of a cast iron fist in a velvet glove.
Will post more if the story evolves.