In the final post of our series aimed at debunking myths around the General Data Protection Regulation (GDPR) that comes into effect today, I invite you to exhale.
Myth #4: You must be 100% compliant by 25 May
Most deadlines are like train announcements: Useful information for the periphery of your mind. Others are like ticking time-bombs in the collective consciousness: Cinderella at midnight, Y2K, and end-of-world prophecies.
Rumours about the GDPR deadline have certainly placed it in the latter category. But while achieving 100% compliance by 25 May was a goal for some of us, the preparations for it have unveiled something else, more profound.
Unlike a box-ticking exercise or one-time stress test, GDPR compliance is, in reality, a journey, not a destination. This makes it all the more significant. Although you should have a robust data privacy program in place by now, 25 May signals the start of transformative corporate behaviours around data protection and data security. It's not a day in one’s life. It announces corporate change on a large geographic scale.
GDPR’s real value resides in ever-evolving and adaptive ways of ensuring good data protection practices, on-going compliance and continuous improvement.
So don’t think it stops here. 25 May is the day to look ahead, to continue building a framework, and to promote a culture of privacy within your organisation.
Privacy matters; today, tomorrow and for the foreseeable future.
Blog Author: Christel Cao-Delebarre, Global Privacy Officer, Carlson Wagonlit Travel