The Grief of GDPR Compliance

Written by Sean Luke, CIO for the Universities Sector, BT on 23 April 2018 in Sponsored Article
Sponsored Article

Sean Luke, BT's CIO for the Universities Sector, on the strange parallels between GDPR readiness and grief

I’ve undertaken a crude mapping between GDPR and the five stages of grief, but it’s not that straightforward because GDPR is ‘consequence-based’ by design whereas grief tends to be more ‘situation-based’. The approach to GDPR compliance, I would suggest, should also be consequence-based – consequences for the organisation, the citizen, and the ecosystem.

I thought it would be useful to think about the parallels between GDPR and grief as a way to determine how prepared your organisation is for compliance. The five stages of grief are Denial: “Tell me it’s not happening!”, Anger: “Why are we diverting so much resource onto this!”, Bargaining: “Can we reduce the scope?”, Depression: “It’s too hard, we’ll never get there!”, and Acceptance: “That wasn’t so hard, I feel better about it now”. 

I’m sensing a growing anxiety within customer organisations about GDPR compliance and how they will achieve it. The reactions are not dissimilar to those of someone dealing with grief and not everyone goes through all five stages. The parallels are less about an organisation’s technical and procedural perspectives and more about cultural and political ones, in other words: people’s fears, priorities, and attitudes.

GDPR regulations provide important safeguards for citizens, reflected in the strict penalties enforced for non-compliance. Since citizen data has slowly migrated from paper to punched tapes, floppy disks, magnetic tape, hard drives and fluffy cloud enigmas, we’ve witnessed a steady stream of data handling outtakes in public and private sector organisations leading to serious consequences for citizens. In the main these manifest as ‘data loss’ – a convenient term for rank incompetence and a useful device for diluting public perceptions of the real impact.

GDPR won’t make organisations accountable for all data mishandling consequences but it is a major step forward in holding public and private sector organisations to account in ways they can’t ignore, so it’s vital that they are as prepared as possible.

I used to spend a lot of time preparing for ISO9001 quality audits and, looking back, I now recognise a similar sequence in how my organisation got to grips with compliance back in the 1990s. My current organisation is somewhat better ‘tooled up’ for compliance and we’re helping customers come to terms with what it entails and how to achieve a smooth passage without the grief.

What do you think? Is this mapping a good way to assess compliance readiness in your organisation?

For more on GDPR, download BT's latest report Dealing with the new EU General Data Protection Regulation

Share this page


Related Articles

Are government's major tech projects on track?
20 September 2019

The annual report on the Government Major Projects Portfolio includes assessments of a range of big-ticket IT initiatives. We take a closer look at three experiencing differing fortunes

Minister praises GOV.UK response to Brexit
20 September 2019

Simon Hart says GDS has reacted quickly and effectively to impending EU exit

GDS boss looks to work closer with Treasury on project planning
20 September 2019

Alison Pritchard says organisation would like to be involved at an earlier stage of projects

Related Sponsored Articles

The age of virtualisation
17 September 2019

After more than 20 years of stability, networks are going through a period of dramatic transformation. BT looks beyond the hype at the real benefits of virtualisation.

Digital Transformation: Connecting and protecting with perfect predictability
10 September 2019

How can you stay ahead in the fast-paced world of digital technology? BT describes how it's a matter of focus... 

How to stay ahead of a changing threat landscape
3 September 2019

The security threat landscape is confusing and changing rapidly – there’s so much out there, how do you understand where the true risks are? BT offers insight from their own experience

The cyber security skills challenge: Hiring for tomorrow
27 August 2019

Organisations must alter their approach to cyber security recruitment in order to combat the global shortage of security professionals, writes BT