The introduction of the EU General Data Protection Regulation (GDPR) from May 2018 will deliver a fundamental change in how personal data must be handled. Instead of being an afterthought, protections for personal data will now have to be designed into the very fabric of business operations and the technology behind them.
European data protection law has always been concerned with how technology operates, and indeed technology is the principal problem that this law is trying to solve. As such, it is obvious that, as well as being the problem, technology must provide the solution.
However, the way we often see data protection operate in practice tells a different story: despite being both the problem and the solution, technology systems have not been designed and deployed with data protection laws in mind.
A GDPR programme is complex and transformational in nature, as it will change the way the organisation’s people, processes and technology interact around the handling of personal data. Before it comes into force, data controllers and processors should re-examine and rebalance their priorities, in order to deliver the best possible technology environment for handling personal data.
To find out the steps to take to prioritise technology in your GDPR programme, download our latest report. For any questions or advice, please contact your usual PwC adviser.