GDPR compliance a ‘cultural’ challenge, Airmic says
Written by staff reporter
Airmic has published a practical guide to GDPR, which sets out to simplify the potentially complex regulatory challenge of the latest EU data protection rules. It is written primarily for risk managers who, it says, are ideally placed to co-ordinate the response because of their wider perspective and touchpoints across the organisation.
The white paper, ‘GDPR Goes Live’, provides a step-by-step approach, breaking down a topic that might otherwise be overwhelming into manageable components.
It stresses the importance of cultural change necessary to respond effectively to the regulation. Data protection, it says, must become embedded in an organisation’s processes and the thinking of its staff if it is deal comprehensively with the challenges presented by GDPR.
To quote the paper: “Complying with GDPR is not a one-off project. An integrational, thorough and transformational programme is required that addresses how an organisation’s personnel, processes and systems handle personal data”
“It’s about moving away from seeing the law as a box-ticking exercise and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation,” says Nick Gibbons, a partner at BLM, who acted a consultant to Airmic.
“GDPR is about so much more than just process,” says Airmic Research and Development Manager, Georgina Wainwright. “It’s about culture – about how an organisation thinks and behaves. It can be much less intimidating than it might seem at first sight. We hope this paper will enable risk managers see the light at the end of the tunnel.”