“GDPR doesn’t really apply to us. We don’t work with personal customer data.” 

– GDPR is the General Data Protection Regulation (EU Regulation 2016/679), which becomes enforceable on 25th May 2018. http://www.eugdpr.org

I kind of understand this view, because topics such as digitalisation, Internet of Things (IoT) or Industry 4.0 already stir up the engineering industry. And let’s be fair, developing new business models with new connected devices, providing new customer services based on innovative data analytics or becoming more efficient using mobile devices is way more interesting and sexy than data protection.

In my view, however, this approach is risky. For example, GDPR does apply if you store data from a person who is based in the EU. This can be a customer, ex-customer, supplier, ex-supplier, or a current or former employee. Personally identifiable information (PII) can be simple things like a name, email address, photo, a post in a social network or even an IP address. It depends on your business and information management architecture. So, in my opinion, the chance that you don’t have to comply with GDPR is quite small.

>> And yes, it is true: I am a business consultant and project manager who is interested in doing business, and I can probably help you become GDPR compliant. <<

What I currently see is that companies in heavily regulated industries, such as banking, pharmaceuticals or insurance, are already working intensively on becoming GDPR compliant. Companies whose main business does not focus on personal data seem to be less concerned about this topic, despite potential fines of up to 4% of annual global turnover or 20 million euros (whichever is higher).

Is there a need to panic? I don’t think so. But as a business owner, I would want to be prepared, and I would want to know what to do in the case of an event.
