The content of the Consent and Transparency documents is fundamentally
important to any implementation, upgrade, or modification of any system that
collects, stores, and processes data. The principles and rules defined in these
documents must be embedded in these systems and associated processes and
operating procedures. Subtle changes or seemingly trivial re-wording of a clause
could have a huge effect on developers. We are developing NOW! Like many
companies we are debating the nuances of GDPR principles every day – talking
through consent and transparency and how to build systems to support these
requirements in great detail. Is it reasonable to expect companies to be ready for
May?
The ICO state that the GDPR has been in production for two years so there is no
excuse not to be ready on time. They state that regulation will start on day one
with absolutely no grace period. This does rather ignore the fact that key
documentation will not be available until well into 2018.
If anyone from the ICO is reading this then please read some of the other blogs –
look at the industry surveys – talk to a few SMEs and Micros - take notice of what
the industry is telling you. UK businesses are not ready. The documentation and
practical support required is not ready. If HMRC can adopt a ‘light touch’ when
implementation new tax rules then maybe ICO could do something similar rather
than just threatening regulation on day one.
I started 2018 full of optimism and excitement and already starting to feel a bit
grumpy!
Good luck all.