GDPR and Big Data projects, class action suits and their risks should be on the mind of every C-level executive and Board member. I personally expect ‘enterprising’ firms to cash in on the growing discontent of citizens who are dealing with the inability of corporations to keep their personal data safe from hackers or internal theft. It won’t be external governments and regulatory fines that pose the greatest threat in these areas, but our own legal system. If one suit is successful, imagine the onslaught that might follow, just as it has in the pharmaceutical and auto industries.
How will the courts determine whether you have properly performed your fiduciary responsibility or fulfilled your “duty of care” when legal groups organize class action lawsuits against your company? Will they also direct attention to your role in allowing the theft of your customers’ personal data? It’s hard to claim one has not seen data breaches on the news, read about them on a daily basis, or heard about them over coffee and meals with others.
If a company doesn’t complete a DPIA and remediation plan prior to a data breach, what can its defense be in court? Discovery will allow the plaintiffs to acquire the data as it existed before and at the time of the breach, and if that technology and those technologists show obvious, and possibly major, neglect, that will not bode well or give wiggle room for the defense.
Here is what I recommend if you wish to protect your company, and your own confidence in retaining the volume and trust of your customers, by showing them you have set out to protect their personal data. GDPR is finally being enforced by the EU, and they may fund more aggressive efforts using the fines collected.
Another major concern of companies, and for some reason maybe more so than GDPR, is the California Consumer Privacy Act. Even though it does not come into effect until 2020, companies seem to fear greater and quicker enforcement, and the ability and expectation of large numbers of class action suits. These will be encouraged because the fines, although they seem lower, are per person and per transaction, and in large groups could add up to or even exceed GDPR fines.
- Find an individual or company capable of providing a data compliance expert with in-depth knowledge of the technologies, architectures and methodologies designed specifically for data compliance. Don’t look for legal GDPR knowledge alone! What value is knowing the law if you have no idea how to change your IT practices and applications in order to comply with the regulations? I believe there are fewer than 500 individuals in the world who have the intellectual and technological capability to assist in becoming even close to GDPR compliant within years, if ever. Some have technology that, if shared, might significantly improve your compliance efforts (percentage of completion).
- Many of these experts are reluctant to be presented through other firms, primarily consulting companies as opposed to staffing augmentation firms. Consulting firm service agreements, as well as employment contracts, place the worker’s existing intellectual property rights (including but not limited to patents, copyrights and intelligence learned in the past) in jeopardy. So I recommend you conduct a search that is not limited to consulting firms, post your company’s jobs on boards like Monster, LinkedIn or Indeed, and specify that you are seeking a direct hire for your company, so that you are not passed over by many of the few available resources of value.
- If you are successful and find that expert, then consider how to augment your corporate efforts with available outside assistance.
- Once a team is in place with its qualified leader, complete a Data Protection Impact Assessment and remediation plan as quickly as possible. Make sure you have plans that allow this process to be continually updated, as new data is constantly being added to your data production environments or updated by employees, IoT, third-party feeds, internet orders, ATM transactions …
Now for some Good news.
- For at least the next year, law firms and EU regulators are at a great disadvantage in demonstrating whether or not you have protected (encrypted) your customers’ personal data or have left it vulnerable to hackers and internal thieves, along with the timing and latency of the exposures, who may have known, the data’s lineage, and all the locations where unprotected customer personal data resided at the time. HOWEVER, products are now emerging that can be implemented very quickly and process data at any scale and magnitude, so your window of safety will close as soon as one of these entities becomes familiar with and deploys the new technology, or has it ready now.
- Many companies are more concerned with the California Consumer Privacy Act than with GDPR, as they feel US customers and the State of California will push harder for enforcement.
- The technology that is emerging now, or already exists, for GDPR will change the dynamics of data compliance regulation worldwide. But you still have some time to prepare for, say, the CCPA, whereas you’re almost a year late and still years behind on GDPR, as I see it.
Now for some real BAD NEWS for companies:
Law firms are already involved in class action suits against companies for GDPR non-compliance, and the harm they are threatening is the same as the maximum that can be imposed under the GDPR itself, and even this doesn’t come close to the financial markets’ punishment of some of these companies.
- As all large and reputable law firms know, cases are won on the merits of the law and on the testimony of the most credible witnesses and evidence.
- Since, as I already stated, I believe there are fewer than 500 experts in the world with intellectual and technological capability in the GDPR and compliance space, and with zero unemployment and a shortage nearing 3.5 million in cyber security, and said to be nearing 2.5 million in data management, fighting for the top few witnesses (and even fewer with the technology) to defend your company may be very problematic, as the law firms may already have brought them on board to make their case. That is a case you would probably not be defending, and that could cost you millions or more, if you had just hired their expert(s) first for, say, 200-300K and not been in court in the first place.
- The individual experts of today will soon be companies of experts that can come into court after receiving court-ordered records and documents and, most importantly, data discovery requests covering the time of these breaches;
- This data and many of the documents will be run through specific technologies now available on the market; parts of this technology, in a VM or other form, will soon be dedicated to law firms and to the courts, and it has been offered to the EU GDPR and the ICO, but there have been no comments back from either.
- This will be a near-100% differentiator for the facts of data breaches, as much as the phenomenon of DNA was for evidence in the courts, inclusive of biometric information.
- Now, in my honest opinion, one of today’s only saviors for the major companies (so they thought) was to use smaller processors acting as their processors (in an attempt to avoid several legal ramifications). That, by the way, will fail, for the producers IMHO have a fiduciary responsibility to send 100% of the EU GDPR requirements for proper consent along with such data to third or other parties acting as processors, and so will not avoid the ramifications and the legal and financial responsibilities of the producers either.
Contact 847-791-7838, or see the series of videos on YouTube showing supporting technology of this kind.
Recent Accomplishments on this channel:
Amazon AWS Marketplace : https://aws.amazon.com/marketplace/seller-profile?id=268f94cf-c1d6-447c-91b9-8c74372af5be
#GDPR #Data #Privacy #Protection #PII #AWS #Azure #Hadoop #Apache #Java 8 #Resume #Hiring #DPIA