Beware the GDPR vaporware

NetApp’s legal head Sheila FitzPatrick on why companies can’t simply buy or outsource their way to GDPR compliance.

The EU General Data Protection Regulation – aka GDPR – comes into force as of May 25th, 2018. And frankly, if you haven’t started your preparations to be compliant yet, you are in trouble.

“People keep thinking they're going to give us a grace period, we're already in the grace period. You've had two years to do something,” says Sheila FitzPatrick, NetApp’s worldwide legal data governance & data privacy counsel.

Though chasing every company for million-dollar fines isn’t the intent of the regulation, the threat of a bill equal to 4% of global revenue is very real, and one that blatant rule-breakers should be afraid of. 

“They're going to make poster children out of the companies that are not complying; they are going to put details on why they were fined, what happened, what they had and didn't have in place. All it's going to take is one massive fine to make companies wake up.”

However, she adds, the data protection authorities do not want to hit every single company with a massive fine. They simply want organizations to show willing.

“They want you to show progress, they want you to show you're doing something. Maybe you don't have everything done; maybe you haven't figured out the right to erasure or the right to be forgotten, but you can't just sit back and say, 'it's impossible'.”
