Content Copyright © 2016 Bloor. All Rights Reserved.
I don’t know about your inbox but mine is rapidly filling up with offers of webinars, panel discussions, roundtables, breakfast briefings and papers about GDPR, the EU’s General Data Protection Regulation. I am sure (well, maybe not) that all of the vendors concerned have a useful story to tell, but judging from who is sending out these invitations they are all pretty much niche players. Admittedly, some of these are decent size niches but none of the suppliers I have heard from are likely to take a holistic view of GDPR. For example – and naming no names – if you are a specialist in securing data inside Hadoop, then you are not going to be too interested in the identification of personally owned data (the issue at the heart of GDPR) within a DB2 implementation, for example.
Now, my colleague David Norfolk has blogged generically about GDPR (see http://www.bloorresearch.com/blog/the-norfolk-punt/disruptive-gdpr/) and I have blogged about the impact of GDPR on application development as a guest blogger on CA’s website (see https://blogs.ca.com/2016/05/05/gdpr-and-its-implications-on-testing/). No doubt we will be contributing more blogs on this subject in due course. However, there are a number of things to bear in mind here. Firstly, you have a couple of years to ensure compliance. Secondly, vendors – especially business intelligence and analytics vendors – will need to implement relevant features in their products that specifically support compliance, so you should not be entirely on your own with respect to compliance. And thirdly, compliance is going to be a strategic issue for organisations and not something that can be quickly fixed by any of the offerings referred to in the previous paragraph.
Here at Bloor Research we have set up a task force of our own, including analysts, consultants and a legal advisor, and we are preparing a white paper that will describe the issues that derive from GDPR and what, from an IT perspective, needs to be done about them. By all means listen to or attend one of the briefings in your inbox but bear in mind that the vendors involved are looking for a quick tactical sell and are not likely to be considering GDPR either holistically or strategically.