GDPR is a Year 2000-style cash cow, warns GDPR legal expert Dr Kuan Hon
But contradictions and ambiguities in the GDPR might mean some claimed transgressions will have to be settled in court
Organisations should be wary of vendors claiming that their ‘solutions’ will solve GDPR headaches, Dr Kuan Hon, a director of law firm Fieldfisher's privacy and security team, has warned.
"It is very much [being treated as] a cash cow and a lot of organisations are jumping on the GDPR bandwagon. Some are probably better placed than others, but the problem for a lot of organisations is actually telling the difference between the ones that know what they're doing and the ones that don't," warned Hon.
She continued: "There is a lot of complexity, so some quotes could be very expensive, but on the other hand you might have really cheap quotes that offer a generic, cookie-cutter set of terms and conditions that are simply unsuitable for your business. So you do need some expertise to look at what is suitable for your business."
More than that, though, added Hon, there are many ambiguities and apparent contradictions in the GDPR that still need to be cleared up.
"There's quite a lot of them. There are different reasons why there's some uncertainty. One is that some provisions of the GDPR are not as clear as they could be, probably as a result of the political negotiations and the long period of time that it has been discussed [in the EU].
"The second is that individual member states can go their own way in some respects. So, of course, there are going to be some [cross border] differences. And I think another might be that there are some errors in the GDPR - not that many, but there are some errors.
"For example, the UK's information commissioner in the consultation on controllers, processors and liability recently pointed out one bit that was probably an error. So, all this, of course, can lead to a lot of uncertainty," said Hon.
Despite all this, there is a surprising degree of support for the GDPR among CIOs and IT leaders, according to Computing's own research.
Computing's research suggests that more than one-quarter of IT leaders are "very much in favour", while around half described themselves as "fairly positive". Not more than ten per cent were against it in any way, with only one per cent implacably opposed.
Christopher Strand, senior director of compliance and governance programs at security firm Carbon Black, suggested that, while the GDPR might appear draconian, it is nevertheless consistent with the direction in which data privacy laws have been going worldwide.
"The idea of building security around data and building security into your compliance policies is not a new thing. It's something that's been evolving for quite some time now. At the same time, while there's that little bit of trepidation about how GDPR is going to be enforced, the idea of enforcing that against a framework or the convergence of security with compliance is not a new one.
"That explains why IT leaders are fairly positive. They understand that this is a continuation of that convergence between compliance regulations, mandatory regulations and security policy. Whereas they are a little unsure about the first steps because they don't know how to apply the framework to something like the GDPR."
Kuan Hon is an expert on the General Data Protection Regulation, and has written a series of guides for Computing on the subject, covering not just the forthcoming GDPR, but some of the other data security and privacy directives that are on the way.