With the clock now ticking down fast to next May's deadline to be compliant with GDPR, companies rushing to ensure their work is up to code may find themselves being taken for a ride by less-than-scrupulous suppliers.
That's according to a new study by ST2 Technology, which has warned that companies need to take more care when it comes to choosing compliance partners for GDPR, and ensure that they have the right balance of legal and technical delivery skillsets in place.
The company says that it has seen a "sharp rise" in the number of assessment kits and non-specialist consultants offering advice to organisations on how they can prepare for GDPR compliance, despite not always having the relevant and appropriate experience.
ST2 Technology noted that the non-prescriptive nature of the regulations has created uncertainty and a lack of clarity across the market, and urged organisations not to head into the "wild west" of GDPR readiness.
“Organisations are running headlong into GDPR to get prepared for when it comes into effect on 25 May 2018. However, there is an equal and opposite rush from consultancies to fill the market void, leading to untested and potentially incorrect approaches to ensuring compliance. We can expect a lot of teething problems and some significant compliance failures coming to light over 2018/19,” said Richard Hannah, head of consulting at ST2 Technology.
“For many consultancies, customers looking for partners to help them become compliant with GDPR is the equivalent of a new gold rush – however, less speed and more haste should be the mantra as we all work with the new data landscape now coming into view.”
“Organisations must recognise that GDPR is not just about company records, data and processes, it is also about the law as it affects an organisation’s commercial arrangements, technology, risk management and a company’s ability to transform operations to maintain compliance.”