Lately, there seems to have been an distinguishable uptick in the number of misinterpretations of the GDPR. Erring on both sides:
1. “Uhhh we weren’t aware of anything near the sort of detail about our apparently total non-compliance in a vast array of things we should have arranged for the most basic decent business conduct qua management control and information security (whereof, by what we say of it, we testify to have less than 8-grader understanding); but now are found out to not be sufficiently competent to run our organisation by a most cursory of DPA inspection, journalist pinch or data leak.” [No can’t be boffered to use <ol> in this post]
2. “We were so panicked by conniving deceptive consultants [oh and legalistic legal staff] pushing their tools (that showed they had no clue either about actual GDPR requirements and hunted for eager beaver tool’let use as the minimal but sufficient thing to gain compliance; almost as wrong as one can get it) that we decided to over-do it in a laughable way.”
1. of course is a shame, and how much proof does one need of outright incompetence to throw the culprits out?
2. is the same, in particular since it undermines the very achievement of organisation objectives through not delivering services where required (by law or by market). Fines have been slung around to counter this.
Both are shameful also since the GDPR was ratified already in 2016, with enforcement only per 25 May 2018 – to give all time to get in line with it, capice? So, did you waste that time ..? Did you think compliance was or is or will be something that only legally trained staff will understand whereas it’s almost exclusively the opposite with legally trained staff legalistically only being able to regurgitate legal texts with zero understanding of what you’d need to do and still a question mark should follow here ah there it is: ?
The solution is so simple, even the above-mentioned can use it: RTFM. Read the GDPR for once! It’s perfectly doable! Anyone who just opened the PDF, could see that the very articles of it are so clear and concise as one would dream any law would be. Possibly, when tested, this would be one of those few laws where the readability rating would sit somewhere at 7th grade.
So yes, even if I’m not sure ‘duncy’ is a word [don’t care to check since I’m not forced into ‘compliance’ or so with language rules that are longitudinal and latitudinal fluid anyway], it applies to you if you haven’t read the GDPR and still deal with it, in any fashion.
Go read. Be relieved. Appreciate:
[Only then may you rest, e.g., at the Porto Museu Romântico da Quinta da Macieirinha overlooking Villanova de Gaia from the gardens; yes Taylor’s is there for lunch (as is Ar de Rio ..!), and Vasconcelos and Vascos de Carvalho]
[It’s not ‘O’porto by the way, only those like airline pilots who say “New York also called ‘the big apple'” will say ‘the port of Porto’ …]