May 6, 2018
DevOps May be Unprepared for GDPR
DevOps helps organizations increase software speed to market. By working in tandem, software developers and IT operators can create operational efficiencies by automating internal processes. They can also deliver better customer-facing tools without disrupting services. Compliance is where this powerful collaborative force can be curtailed or reach an impasse. However, strong compliance programs are paramount for an organization’s success. Violations can lead to lost revenues, fines or legal action.
On May 25th, 2018, the European Union will commence enforcement of the General Data Protection Regulation, or GDPR. Non-compliance with GDPR will result in heavy fines, up to 4% of annual global turnover or €20 million (whichever is greater).
What is GDPR exactly? GDPR aims to harmonize and modernize data privacy laws across the continent. Its jurisdiction applies to all companies processing personal data of people or organizations residing within the EU. The data processing activities subject to GDPR can take place anywhere in the world.
The policy encourages privacy by design, so that organizations embed privacy measures while developing products rather than adding them after the fact.
GDPR Planning Challenges
A recent article on DevOps.com reports that nearly 83% of 1,000 surveyed companies don’t feel fully prepared for GDPR. Roughly 85% of companies have taken measures to comply, but only 31% have sufficient, well-defined plans.
The article cites a survey by analyst firm Varonis stating that only 10% of companies made substantial investments in GDPR, while 70% believe compliance will provide a competitive edge.
According to the article, the provisions posing the most substantial challenges to companies include privacy by design, the right to erasure and records of processing activities. Part of the uncertainty about GDPR involves understanding where data is located. Many companies do not maintain compliant data protection protocols globally, which could pose substantial compliance risks after the enforcement date.
With the GDPR enforcement date fast approaching, DevOps will need to work with internal legal stakeholders to ensure their efforts comply.