The Five Myths Of GDPR.

The Five Myths Of GDPR.

By Frank Krieger, Vice-President, Governance, Risk and Compliance, iland





May 2019 will mark the first anniversary of the General Data Protection Regulation (GDPR), and early numbers make clear that its implementation has been a success as a breach notification law. As such, GDPR has affected multiple aspects of a business. It has created increased requirements for businesses to deal with issues such as security, compliance, data ownership, training and data management. The new regulation will require, for many of businesses, a fundamental change to their internal processes and ongoing focus on compliance.


There are several myths around who manages data inside an organisation which have been challenged as a result of GDPR regulations. From the shift from an IT-centric to a business process owner model, to educating internal teams and reviewing tools, here are the top five myths around management of data that GDPR effectively busted.


Data Management is an IT function


Data management used to be solely an IT function but, since GDPR came into force, organisations have been increasingly realising the criticality and value of their data assets. This is why the data management function has become a business and IT function. It requires a full commitment by every organisation to build data protection into its culture and all aspects of its operations, from support through accounting to product development. The GDPR is not specific to just IT, it must permeate all aspects of the organisation to ensure a culture of data privacy is built.


Business organisations have always been familiar with data management


Since the new regulation made data management a business, not just an IT, concern, awareness around GDPR needed ..