
Frozen: The GDPR remix

Infospectives service once again interrupted for some seasonalish tongue in cheek content.

As a follow up to…

Frozen: The InfoSec Remix

…it’s a data protection and GDPR attempt to karaokify another tune from this obsessively loved (or hated) Disney behemoth.

So, without further ado, may I introduce our CIO Elsa, DPO Ana, and bit parts played by faithful management consultants (a.k.a. her parents).

Now why not hit play….

and read (or sing) along 🙂

Do you want a data RACI?

*******H2 2015*******

Elsa?

(knock, knock, knock, knock, knock)

Do you want a data RACI?
GDPR is on its way
Our privacy is pretty poor
Come out the door
It’s like you’ve gone away…

We used to talk about it,
But now we’re not
I wish you would tell me why…

Do you want a data RACI
It doesn’t have to be RACI…

Go away Ana

Okay, bye…

********H1 2016********

Brexit will help…see

Scope it, insure it, hope requirements go

********H2 2016********

Do you want a data RACI?
Just give me time to make some calls
Accountability is overdue
I’ve started talking to
The lawyers and big four…
(There my cash goes!)
I’m going slightly crazy
With the vendor FUD
And watching the months tick by…
(Tic-Tock, Tic-Tock, Tic-Tock, Tic-Tock, Tic-Tock)

********H1 2017********

I’m scared, it’s getting closer

Getting upset only makes it worse, calm down

No, don’t placate me, please, I don’t want to shirk this

********H2 2017********

See you in 2018

Do you have to go

You’ll be fine Elsa

********H1 2018********

(prolonged sounds of a company foundering in a data breach & investigatory storm)

********H2 2018********

Elsa?

Please, I know you’re in there
People are asking where you’ve been
They say discourage, the TV crews,
But they are here for you
Just let me in…
It looks like cyber cover, won’t pay for this
What are we gonna do?…

Do you want a data RACI?


So that’s what can happen after a snifter or two of mulled wine.

Just in case you were wondering, I don’t share the nihilistic view painted by GDPR Elsa and Ana, but I do recognise the mammoth challenges ahead. So putting the frippery aside…

…are you waiting on your board, your local data protection authority, or guidance from the EU?

At a recent conference I was struck by the number of people waiting for granular guidance from the EU on fine (and not so fine) points of the GDPR.

For example:

AND very specifically for UK folks:

  • Does Brexit mean you can duck it, (HINT: NO! The Data Protection Bill, when passed, will make GDPR provisions UK law) and if not, what in the name of regulation, privacy shield, BCRs, and legal recourse does that mean?

All things (if we’re honest) that shouldn’t stop us getting on with the most pressing work.

What exactly are you waiting for?

In addition, regarding things like legitimate interest, definitions for high risk, and exceptions to breach notification timing, there isn’t and there will never be very specific guidance. We get some steers and thresholds caveated with advice to refer to local risks and our own estimation of harm. But does that really change the gaps we already know about, or the first steps needed to tackle them?

It’s all about building a bridge between IT, legal, and the business to grasp this GDPR bull by the horns, making sure you can agilely make real progress with your riskiest data crown jewels while leaving space to hone things as requirements continue to crystallise.

Prevarication is comforting, until it isn’t any more, but we know you are largely powerless to crack on without one thing…

…so let me ask again:

Do you want a data RACI?

Some related Infospectives posts:

Opinion: The role of automated data discovery in a GDPR programme

GDPR – The compliance conundrum 

GDPR – Now gaps are analysed, can your systems close them
