The original title was supposed to be “in bed with GDPR”, but it might have been a little too clickbait 🙂
Anyway, short post today, but an important one, I think.
To be honest, I feel like screaming everytime I see/read/hear someone telling me that “we need to have a GDPR offer/business/thing”. Alright, it is a buzzword, and I have to live with that. I have made my peace with AI, Blockchain, Big Data, IoT , Cloud, etc. But I still struggle with GDPR. Here is why.
First this policy is a very important one in Europe, and will impact every business that comes anywhere close to us. You cannot ignore it. And every company has to look into it and find out what is needed to be compliant.
Second, the deadline is looming, but the national law for France is not yet in application. There is a text that is discussed (https://www.legifrance.gouv.fr/affichLoiPreparation.do;jsessionid=?idDocument=JORFDOLE000036195293&type=contenu&id=2&typeLoi=proj&legislature=15) but there might still be many changes before the law is applied in France. That means that we should hurry to wait, but be prepared… tough one.
Last, and most important, and the main reason of my screaming : it is mostly a question of law, for lawyers. Sure IT has to get ready to comply, but most of the consulting and debating and discussing has to be managed by law experts, which will be the right people to understand what it will mean to be compliant.
Sure an IT company can get some services in place, offer some broad suggestions and consulting. But without a lawyer, trained for that (and a proper written and voted law…) our job is almost meaningless.