Much has already been written about GDPR but what makes the Airmic guide on the subject stand out is that it concentrates on the practical implications and how to deal with them, rather than concentrating on the theory. And a big message to emerge is that risk managers should play a big role in addressing this particular piece of regulation.
The guide sets out to simplify one of the most complex regulatory challenges to face corporate UK in recent times. It is written primarily for risk managers who, it says, are ideally placed to co-ordinate the response because of their wider perspective and touchpoints across the organisation.
The whitepaper, 'GDPR Goes Live', provides a step-by-step approach, breaking down a topic that might otherwise be overwhelming into manageable components. It stresses that compliance is first and foremost a cultural issue rather than an exercise in ticking boxes.
It stresses the importance of cultural change necessary to respond effectively to the regulation. Data protection, it says, must become embedded in an organisation's processes and the thinking of its staff if it is deal comprehensively with the challenges posed by GDPR.
To quote the paper: "Complying with GDPR is not a one-off project. An integrational, thorough and transformational programme is required that addresses how an organisation's personnel, processes and systems handle personal data"
"It's about moving away from seeing the law as a box-ticking exercise and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation," says Nick Gibbons, a partner at BLM, who acted a consultant to Airmic.
"GDPR is about so much more than just process," says Airmic Research and Development Manager, Georgina Wainwright. "It's about culture - about how an organisation thinks and behaves. It can be much less intimidating than it might seem at first sight. We hope this paper will enable risk managers see the light at the end of the tunnel."
You can view the whitepaper here, and download the PDF here.