Mention the UK and the EU right now you’ll almost certainly hear about Brexit. Organisations pondering life outside of the EU may be forgiven for not being totally up to date with the details of the GDPR.
Take a journey back in time with me to 1963. Britain was trying to get into the six member club that was the EEC. General De Gaulle had just given his first ‘non’ because of a perceived lack of commitment to the principle of the community.
In the same year Richard Mayne the personal assistant to the first President of the EEC said
“On the principle that ‘the devil is in the details’, what should have been a merely formal occasion developed into a debate about the Community’s official languages and the site of its headquarters”
It’s arguable whether De Gaulle was proven right in the end, but if the GDPR is anything to go by Mayne was spot on.
The problem is that despite the 99 Articles, the 173 recitals and the hundreds of pages of guidance there are still plenty of places where the regulations must be interpreted. There is discussion about how case law will develop around these blank spaces but who wants the be the name on the court case?
For organisations who are moving towards compliance a judgement must be taken on how to proceed in the world away from the ‘Eurocrats’ (reputedly another Mayne invention). There is a balance between being able to deliver service to customers, keep their information secure and avoiding enforcement action.
The 25th May is not going to be the end of the process by any means. We’ll all be adjusting our view of what the regulations really require for some time to come.
If you want help understanding what the GDPR means for you click here