GDPR is Damaging Us!
Updated: Apr 27, 2018
I should start by saying that, at Utilus, we are all in favour of GDPR and the positive changes it should bring to both EU and, eventually, Global Data Protection.
However, as the infamous implementation date of the 25th May 2018 looms large, it's starting to highlight a real issue with how we serve our clients in the Risk community.
In the past 4-6 months you can't seem to glance at LinkedIn or attend a networking event without receiving a consistent hard selling of GDPR consultancy; using tactics not seen since Y2K.
If we ignore the scare tactics for a minute, it has also been concerning to witness the sheer variety of businesses who now appear to be 'experts'. Utilus has even been approached by various Media organisations, Marketing companies and Law firms (from unrelated legal fields) who have become self-proclaimed oracles in GDPR consultancy support.
Although talking to them can be amusing, it doesn't mean it's harmless. Some clients will be purchasing advice from these unqualified parties after an over-emphasis on 'definite legal action', following the 25th May 2018. Now, whilst we all know that the potential for fines under the new system is a useful incentive for change, should they fail to materialise early on, then a 'fear based' and 'strong armed' sales approach instantly undermines the vendor's reputation.
This is not a consideration for any vendor who is dabbling in risk, in order to take advantage of the fear of GDPR. But for those of us who base our careers in this sector, these amateurs pose a very real threat to all of our reputations.
It would be too easy to say that any subsequent legal and regulatory issues, that may arise, are their fault for procuring poor advice. However, the hard truth might be that this situation is actually our fault as a sector.
GDPR is simply highlighting how fractured and 'discipline' silo'd the Risk community currently is. When we solve 'discipline specific' areas for our clients but diminish other risk areas as 'irrelevant', then our lack of professional cohesion was bound to come back to bite us at some point.
Maybe, these new GDPR 'gurus' will help us finally realise that all disciplines have a place in our sector?
The 25th May 2018 could be a watershed moment as fines, following poor advice, may be imposed on the clients of these charlatans. It might actually show us all that having a more holistic view of risk, and being less disdainful of other disciplines, could actually help to finally regulate this sector as a whole.
As it's only by coming together that we can reduce this kind of second-rate business opportunism that permeates our industry.
This issue has been grossly exaggerated by the run up to GDPR but, if we're honest, we've always known it's existed.
Now, we may have missed the boat this time but as a community we should at least aim to get our house in order for the next 'GDPR event'. This would not only benefit our professional reputations but would ensure clients are advised correctly on all areas of risk and without bias.
However, in my opinion, the most immediate benefit would be to send the Marketing companies back to their day jobs!