Frozen: The GDPR remix

Infospectives service once again interrupted for some seasonalish tongue in cheek content.

As a GDPR career change related follow up to…

Frozen: The InfoSec Remix

…it’s a data protection and GDPR attempt to karaokify another tune from this obsessively loved (or hated) Disney behemoth.

So, without further ado, may I introduce our CIO Elsa, DPO Ana, and bit parts played by faithful management consultants (a.k.a. her parents).

Now why not hit play….

and read (or sing) along 🙂

Do you want a data RACI?

*******H2 2015*******


(knock, knock, knock, knock, knock)

Do you want a data RACI?
GDPR is on its way
Our privacy is pretty poor
Come out the door
It’s like you’ve gone away…

We used to talk about it,
But now we’re not
I wish you would tell me why…

Do you want a data RACI
It doesn’t have to be RACI…

Go away Ana

Okay, bye…

********H1 2016********

Brexit will help…see

Scope it, insure it, hope requirements go

********H2 2016********

Do you want a data RACI?
Just give me time to make some calls
Accountability is overdue
I’ve started talking to
The lawyers and big four…
(There my cash goes!)
I’m going slightly crazy
With the vendor FUD
And watching the months tick by…
(Tic-Tock, Tic-Tock, Tic-Tock, Tic-Tock, Tic-Tock)

********H1 2017********

I’m scared, it’s getting closer

Getting upset only makes it worse, calm down

No, don’t placate me, please, I don’t want to shirk this

********H2 2017********

See you in 2018

Do you have to go

You’ll be fine Elsa

********H1 2018********

(prolonged sounds of a company foundering in a data breach & investigatory storm)

********H2 2018********


Please, I know you’re in there
People are asking where you’ve been
They say discourage, the TV crews,
But they are here for you
Just let me in…
It looks like cyber cover, won’t pay for this
What are we gonna do?…

Do you want a data RACI?

So that’s what can happen after a snifter or two of mulled wine.

Just in case you were wondering, I don’t share the nihilistic view painted by GDPR Elsa and Ana, but I do recognise the mammoth challenges ahead. So putting the frippery aside…

…are you waiting on your board, your local data protection authority, or guidance from the EU?

At a recent conference I was struck by the number of people waiting for granular guidance from the EU on fine (and not so fine) points of the GDPR.

For example:

AND very specifically for UK folks:

  • Does Brexit mean you can duck it, and if not, what in the name of regulation, privacy shield, BCRs, and legal recourse does that mean?

All things (if we’re honest), that shouldn’t stop us getting on with the most pressing work. Even UK friends, because our ICO Elizabeth Denham has the bit between her teeth. She’s on a mission supported by the current government to see UK law aligned with the GDPR, no matter the hardness or softness of other Brexitish things.

What exactly are you waiting for?

In addition, regarding things like legitimate interest, definitions for high risk, and exceptions to breach notification timing: Do we really think any granular definitive guidance will come out? We may get some broad thresholds caveated with advice to refer to local risks and our own estimation of harm, but does that really change the gaps we already know about, or the first steps needed to tackle them?

Before I am pilloried by others with far longer specialist experience than me, why not check out Privasee and some of my CEO Karen Lawrence Oqvist’s LinkedIn posts. Of course that invites accusations of bias, and you would be right. I am biased towards accepting the uncertainty and beginning work that we can’t, in all conscience, wait to do. It’s why I joined the firm.

We’re all about building a bridge between IT, legal, and the business to help you grasp this GDPR bull by the horns. Making sure you can agilely make real progress with your riskiest data crown jewels, while leaving space to hone things as requirements continue to crystallise.

Prevarication is comforting, until it isn’t any more, but we know you are largely powerless to crack on without one thing…

…so let me ask again:

Do you want a data RACI?
