GDPR 2.0: You Thought It Was All Over…

25 May

Duncan Brown
Research Director, European Security Practice
@duncanwbrown

What? You thought that GDPR was over by May 25th, and you never wanted to think about it again? Sorry folks, but we’ve just had the taster.

Firstly, the bad news. GDPR is not a one-time project. Many organisations have approached GDPR like a crash diet. Move a little more, eat a little less, reach your target weight. Typically, as most of us recognise, we then revert to old habits: eat that cake, lounge on the sofa.

GDPR requires more of a lifestyle change. Building diet and exercise into your daily routine, so it becomes habitual. You don’t even think about whether to do it, it’s now part of what you do, and who you are. GDPR is here to stay. A CISO recently told me that his organisation was “manually compliant,” a delicious phrase that encapsulates the challenge. It’s one thing to be compliant with GDPR: it’s a much bigger stretch to be operationally efficient in compliance. So compliant you don’t even think about it. Compliance baked into everyday business as usual. A “Compliance Exemplar” in IDC’s GDPR Readiness Framework.

Most firms are nowhere near this stage. Even those that are in a pretty good state know they still have a long way to go to bed GDPR into business processes and operationalise it.

It’s the FIFA World Cup coming up in June. One of the most famous phrases in (English) sporting legend will be rolled out again, I’m sure. “They think it’s all over. It is now.” When it comes to data protection though, it’s more “They think it’s all over. It is now time for the replay.”


The IDC team is back at InfoSec once more, to share analysis, insights and forecasts for the European Security market. Register now to come and meet the team for breakfast, discussion and debate on all things Security.

IDC’s Breakfast Briefing on 6th June – “The CISO’s TO-DO LIST”
