It has become all too common that business initiatives
targeting infrastructural improvements such as Enterprise Architecture
& Business Modeling, Data Governance & Master Data Management, and Privacy
& Data Protection are put on the back burner or suppressed entirely in
favor of endeavors that promise monetary benefits in the short term.
Accordingly, few organizations are really
prepared for a timely response to requirements imposed by law or by
industry-specific regulatory authorities. Considering the usually moderate
fines for non-compliance and the often negligible other consequences, a delayed reaction
and acceptance of the risk of eventually being hit by the proverbial stick have become an element
of business calculation.
When conceiving the General Data Protection
Regulation (GDPR), the European Union (EU) obviously anticipated that a
non-negligible number of organizations would be reluctant to comply rather than make reasonable efforts. EU lawmakers have therefore replaced the penalty stick
with a sledgehammer right out of the gate (May 2018). In plain English, the EU's powerful
message says:
"If you, the organizations of the world, process personal data of our people, you have to respect the provisions of the GDPR, otherwise we will hold you accountable with fines of up to EUR 20 million, while in return we apply the same rules to our organizations when it comes to processing personal data of your people."
Not emphasizing nations or ideologies, but simply
putting people first, is not only a strong political statement but a directive
that will change the way business is done in the foreseeable future. It is
a contemporary way of saying "the customer is king" while forcing organizations
to prioritize the long-overdue overhaul of their informational infrastructure.
Too
bad that we need lawmakers to remind us of what should have been common sense in
the first place.