"We can expect a lot of teething problems and some significant compliance failures coming to light over 2018/19."
Organisations are heading into the 'wild west' as UK hits peak GDPR frenzy.
Organisations must take greater care in choosing General Data Protection Regulation (GDPR) compliance partners and must make sure that the right balance of legal and technical delivery skillsets is in place, according to ST2 Technology. A failure to do so will inevitably lead to significant compliance failures after the new regulations take hold.
The non-prescriptive nature of the regulations has created uncertainty and a lack of clarity in the market. As such, there has been a sharp rise in assessment kits and non-specialist consultants offering advice to organisations on how they can ready themselves, despite not necessarily having the relevant and appropriate experience.
Richard Hannah, Head of Consulting at ST2 Technology, said: "Organisations are running headlong into GDPR to get prepared for when it comes into effect on 25 May 2018. However, there is an equal and opposite rush from consultancies to fill the market void, leading to untested and potentially incorrect approaches to ensuring compliance. We can expect a lot of teething problems and some significant compliance failures coming to light over 2018/19.
"For many consultancies, customers looking for partners to help them become compliant with GDPR is the equivalent of a new gold rush--however, less speed and more haste should be the mantra as we all work with the new data landscape now coming into view.
"Organisations must recognise that GDPR is not just about company records, data and processes, it is also about the law as it affects an organisation's commercial arrangements, technology, risk management and a company's ability to transform operations to maintain compliance."
ST2 Technology has built its Assessment, Compliance and Transformation (ACT) framework--which provides comprehensive analysis, planning and implementation of technology--in order to help organisations identify and address any GDPR compliance gaps.
The framework starts with a comprehensive analysis of an organisation's readiness against the new legislation. This assessment covers contractual elements, process, technology and legal readiness. A gap analysis is then created and delivered to management. This is followed by a compliance roadmap that provides a detailed plan to eliminate the risk within the organisation, encompassing contracts, operations, legal and technology.
The ST2 framework then identifies any technology performance issues that may require additional safeguards. Finally, the plan is executed, led by ST2 consultants who work with in-house teams to deliver the transformation phase.
"The ACT framework manages every aspect involved when it comes to achieving compliance; we provide, planning, implementation and optimisation of technology, and even the provision of tools, training and software solutions to...