Financial Compliance by Unknown

Author: Unknown
Language: eng
Format: epub
ISBN: 9783030145118
Publisher: Springer International Publishing


Engage with (or create) a Data Protection Office (DPO).

Ensure the Executive Leadership Team (ELT) and the Risk Committee of the Board (or equivalent) are kept informed regularly.

Given the number of transformation programmes businesses are currently undertaking and the far-reaching nature of GDPR, many organisations have embedded their GDPR projects squarely within their overall business change portfolios.

As companies have worked to transfer GDPR activities into the operational (or Business as Usual, BAU) areas and processes of their organisations, they have found challenges in operating under the Regulation that were not as apparent during the change phase of readying for compliance. These challenges are discussed later, within the section on how companies are aiming to achieve practical compliance.

The resourcing of projects through 2017–2018 was challenging, as demand far outstripped the supply of GDPR specialists. This deficit created a vacuum which was filled by individuals and organisations who became compliance and privacy specialists overnight. Some organisations fell into the trap of appointing anyone who loosely matched the job requirements and have since suffered the consequences when a credible GDPR specialist, engaged after peak demand had passed, uncovered poorly executed projects. It is worth noting that a GDPR programme may have been declared “achieved” only for a BAU team to discover that the situation required significant additional budget to remediate.

The wide availability of qualified GDPR practitioners also caused, and continues to cause, confusion. Although the EU is considering accreditation schemes, there is currently no official GDPR certification (Froud 2018). However, alignment with standards such as ISO/IEC 17024 (International Organisation for Standardisation 2018) does at least provide a degree of credibility.

In budgeting for GDPR, industry was polarised between those companies that prepared and budgeted early (typically large international companies) and those that either left financial provision too late or did not provide for it at all.

Cross-referencing and comparison of approaches was significant during 2017 but reduced through 2018 as organisations “knuckled down”. Interestingly, this also appeared to be a result of business leaders realising that GDPR could be a competitive differentiator. The need for suppliers and service providers to demonstrate GDPR compliance during prequalification and tendering processes has sharpened their general approach to providing prospective clients with information on Information Security provisions, data strategy and historic incidents. In one difficult scenario that the current chapter contributor came across in late 2017, a housing management company removed a potential supplier from its long list after it transpired that the supplier had not yet considered GDPR, let alone made provisions towards compliance.

Across vertical markets and sectors, the approach to achieving GDPR compliance has not varied materially. The nuances of each industry are of course important, and Regulators such as the ICO have helped guide sectors by working with industry bodies and representative organisations. An example is the not-for-profit sector in the UK, where the ICO engaged strongly with charities to ensure that areas such as consent and vulnerable individuals were accommodated thoroughly (ICO 2018b). The ICO also undertook a survey of eight selected charities in which it found a combination of good practice and areas where noticeable improvement was needed (ICO 2018c).
