final thought
Head In The Sand
When it comes to GDPR, Mike Simmonds, managing director at Axial Systems explains
why it’s time for the board to stop passing the buck and ignoring the issue.
T
he General Data Protection
Regulation (GDPR) comes
into effect in the UK on
May 25 2018. Yet, many
organisations remain in
denial, with a typical mind set
being: ‘If I ignore it long enough, it
will probably go away’, or even, ‘I
don’t think it really applies to me’.
Ultimately though, any
business that holds personal data
about their customers, employees
or that runs a payroll is going to be
impacted by the regulation. That’s
54 | September 2017
because GDPR clearly applies to all
companies worldwide that process
the personal data of EU citizens.
There is a world of difference
of course, between understanding
that your business needs to get
ready for GDPR and making it
happen. There are likely to be
a raft of challenges along the
way. Many leadership teams
immediately baulk at the need to
put policies in place. Organisations,
and particularly their directorial
boards, often feel that they don’t
have the time, manpower or feel
the necessity to do this. But what
other options do they have?
Whose line is it anyway?
We are beginning to see legal
departments take on some of
the strain. The data protection
officer (DPO) role that for many
organisations will be a mandatory
requirement after May 2018 is
increasingly finding itself housed
within legal teams as another