
Ovum view

Summary

For enterprises struggling to meet the May 2018 deadline of the EU's General Data Protection Regulation (GDPR), many of the complicated requirements for data may seem out of reach. Realistically, it is unlikely that the majority of organizations will be fully compliant by the initial deadline. This, however, is no reason to reduce the amount of effort or resources put in place to meet these requirements, even if the organization is behind schedule. As is the case with any major regulation, documentation of the efforts made to reach a compliant state is nearly as important as meeting the requirements themselves, because it provides a record of the rationale, intent, and strategy that went into the process of meeting those requirements. Carefully cataloging this journey demonstrates good intent and provides insulation from subsequent regulatory action.

Documentation of compliance efforts = regulatory protection

The compliance journey – and its careful documentation – is just as important as achieving compliance, particularly for sweeping and complex regulations such as GDPR. Regulators want to see that a company is doing its best to meet requirements nearly as much as they want to see absolute compliance; a company that consistently demonstrates the desire and effort to do the right thing (and has documentation to support it) will fare better under regulatory scrutiny than a company that has haphazardly implemented uncoordinated attempts to meet compliance goals. Thus, it is important to start documentation early in any compliance effort and to ensure that it is continued well through the initial deadline, keeping track of everything from committees and roadmaps to the internal structured processes used for reviewing these initiatives. The more detailed and complete, the better. As long as the organization has acted with good intent in its efforts toward meeting regulatory requirements, these efforts to document the journey can only help the organization later on.

One of the reasons that documentation is so important is that it demonstrates a sustained strategy of incorporating overarching compliance principles into business practices, rather than rushed implementations of disparate technology or tools to meet a single requirement among many. There's an argument to be made that a business that is behind schedule for meeting compliance goals, but whose approach is methodical and well-documented, will actually fare better in the long run than a peer organization that meets specific requirements by haphazardly implementing point solutions; the latter primarily uses money rather than strategy to reach its goals. While a mix of technology and policy is to be expected in meeting GDPR requirements, the rationale that goes into technology purchases is nearly as important as the tools themselves: enterprises must ensure that the tools not only help meet GDPR requirements, but ideally serve other value-add business objectives as well.

Priorities, too, will often have to be established, and need to be documented within a holistic compliance effort. For GDPR, many organizations will find themselves short on time to meet requirements as the deadline approaches. Realistically, many firms are going to have to prioritize their GDPR compliance goals with respect to the deadline, and prioritize the data that they target for control. While this may not seem ideal in comparison to striving for full compliance, it may be more justifiable than a last-minute, uncoordinated rush to meet deadlines. The enterprise that finds itself in this position will be best served by staying the course, sticking closely to its predetermined plans, and documenting the steps that were taken to prioritize certain data or objectives over others. As long as good intent can be demonstrated, the enterprise will receive a certain degree of insulation from regulatory action.

Appendix

Further reading

The EU's General Data Protection Regulation, TE0007-001037 (August 2016)

EU's General Data Protection Regulation (GDPR) to have Greater Impacts on Enterprises, IT0018-001525 (April 2017)

Author

Paige Bartley, Senior Analyst, Information Management

paige.bartley@ovum.com
