GDPR Insights from the SQL Server Conference
It is quite unusual for a topic like GDPR to come up at an event such as the SQL conference, where the focus is on “how to do things”. It was therefore intriguing for us to see a large number of IT specialists listening in at 5:30 pm on a topic that deals with “what we have to do to be compliant”. The reactions ranged widely, from “oh, something is coming” all the way to shock: “how are we supposed to manage this?!”

What it really boiled down to was the following: for large companies and corporations it is a challenge, but doable, despite the fact that a significant number have not done anything so far. But what about the midsize and smaller companies, which are frequently on the third-party service provider and data processor side? It does not help them to be confronted with a horror scenario such as “penalties of 4% of the annual revenue”. What we have to offer is a scalable, pragmatic approach that on the one hand ensures compliance, but on the other hand balances the requirements to a level that can be managed by these companies. They need support to define and operationalize processes and procedures, yet at the same time ensure minimal impact on daily operations.

And this is where the big challenge lies for the future: establishing a GDPR framework which is compliant and resilient! It will not help to throw in resources now to reach the objective “GDPR readiness established by May 25th”, because there is a life after that day, and then the test of time will start.

So in sum, it was confirmed that GDPR is not just yet another compliance program, but a massive organizational change program. In the future, companies will have to act differently and therefore have to think differently. And they have to organize themselves differently. There is a steep path ahead of them, but the willingness to change will make it manageable.