Well, here we are, close of business May 25th, and oh look!, the sun is still shining, the world is still spinning, and no one [decent] went out of business.
What we do have however is an indication of who the world’s biggest muppets are. For example:
…and the list goes on and on.
As if the barrage of ridiculous and utterly meaningless emails over the last few months wasn’t enough, the spectacular ignorance shown by these and many other organisations defies belief. The only good thing I can say about these weapons grade plums is that they are actually taking GDPR seriously. They DID something. The fact that they are needlessly damaging their reputations is apparently beside the point.
The phrase that springs most to mind was one I heard from my Mother when I was 5, she said; “David, it’s better to keep your mouth shut and let people think you’re stupid, because if you open it you’ll remove all doubt.” And while I am fairly confident she was not actually referring to me specifically [cough], it stuck with me, and is very relevant now.
Every single email you have received asking you to opt in …again, and every organisation who is now refusing to deal with the EU has shown their inexcusable ignorance of GDPR and data protection in general. Therefore, if I was a supervisory authority, who would now be on my radar? The hundreds of thousands of business who did nothing and I likely know nothing about, or the ones who got it all wrong and spammed my inbox or refused my patronage?
This is actually rather unfair if you think about it. They did actually DO something, but because they got it so horrendously wrong, they are now suspect. What else did they get wrong? If they can’t even figure out how to communicate to their customer base, what are the chances they can perform appropriate risk assessments? Or determine the correct lawful basis for processing, which directly impacts the relevant data subject rights?
The saddest part is that many of these organisations are likely holding their breath until next week to see if there is any fallout. If not, they will assume they’ve ‘dodged the GDDR bullet’ and do nothing else. These are the biggest muppets of all. Well, except for the ones who have done absolutely nothing, including READ the bloody thing.
The fact is that May 25th was never a deadline. It’s the date that everyone will point to in years to come as the day that privacy won. The day that changed how the world conducted business, the day that your personal data became yours to control. If you think that now that May 25th is over that you can go back to what you were doing before you have not been paying attention. You absolutely will suffer the consequences …eventually.
The only thing that you could do now to make things worse is to continue to do nothing. While the last 2 years has often been referred to as a ‘grace period’, it wasn’t, and any leeway you may have had prior to today is now gone. Every day that goes by from this day forward is a measure of the egregiousness of your non-compliance. And frankly you have no more excuses.
I see the next two years as the time in which the supervisory authorities will provide everything ANY business needs to meet the intent of GDPR. You may not have a clue now how to proceed, nor can you afford expert help, but you CAN read.
Read the GDPR, do what you can when you can, but for God’s sake don’t do nothing. This is the new world we live in, don’t be a muppet.
[If you liked this article, please share! Want more like it, subscribe!]