There are five big errors firms are making when handling the implementation of the General Data Protection Regulation (GDPR), diners at the PAM Annual Compliance Dinner heard.
Stephen Bonner, partner within the risk advisory team at Deloitte, outlined the issues that many firms are getting wrong.
According to Mr Bonner, the "delight" of GDPR is that large chunks of it are still unclear due to it being "poorly defined and rapidly moving". He stated that it will remain unclear even after the compliance deadline on 25 May 2018. This means that it is more important to listen to the messages of the regulator and what they are paying attention to rather than to the precise wording of the regulation, Mr Bonner said.
Next up, and where Mr Bonner has seen projects "really flounder", is when they are isolated, not integrated. He noted that while it is "tempting" with a short time frame to run a separate approach to GDPR, there are obvious benefits to being joined up across regulations so as to avoid contradictions.
The third error that Mr Bonner pointed to was "being brittle rather than defensible".
He said: "We see that there is a clear deadline so organisations believing that some magical thing is going to happen the day after the deadline are building things that are solely for the purpose of that week. It's a rush to the finish line, put it in place and just walk away."
Mr Bonner advised that organisations should take advantage of existing processes and systems to make sure that the projects being built are sustainable, even if it means slightly delaying the delivery of the initial components.
For the fourth issue, Mr Bonner used the example of car rental: "When I rent a car, I drive terribly and if anything goes wrong, I can just quickly cover it up and hand it off. With my own car, I am much more careful. What we are seeing is that often the team responsible for delivering the project are not involving the teams that are going to own it and sometimes are driving as fast as they can to the deadline and covering up issues."
For him, making sure that the right people are involved throughout the process and making sure the people who have to own GDPR have input is key.
Finally, Mr Bonner pointed to the fact that many organisations are treating GDPR like a tax rather than a benefit. He considers that the kind of information and requirements it has can drive a deeper understanding of an organisation. "By adding a little bit extra to the scope of the program, you can deliver real benefits rather than it being just a cost," he added.
The PAM Annual Dinner for wealth management heads of compliance (or the like) was held at The Goring Hotel in Victoria, London on Wednesday 20 September 2017. The Dinner was attended by nine heads of compliance, three speakers and one chair. The evening was kindly supported by JHC. It was chaired by Ed Hicks, managing director of PAM Insight, and co-chaired by Andrew Watson, head of regulatory change at JHC Systems Limited.