[GDPR] Is there such a thing as ‘GDPR Compliant’?

Can anything be GDPR compliant?

My LinkedIn is unsurprisingly full of data protection professionals and information security engineers (as well as web dev and creative professionals… and the required minimum number of friendly recruiters as well).

Over the last few weeks, I’ve noticed a trend in the comments/rants that are being posted, and one theme is different products, services and even companies themselves referring to having ‘GDPR Compliant’ solutions.

Here comes the argument: the GDPR (Data Protection Act 2018) is an ongoing thing, with lots of pieces moving around a chessboard. With constant ongoing processes, staff interactions and data being submitted, can you really be ‘Compliant’? Compliant is that line in the sand.

Can a product, service or organisation be GDPR compliant?

To be truly ‘GDPR’ compliant, in my opinion, you’d never have to touch personal data in the first place. In which case it’s not that you’re GDPR compliant, it’s that you don’t fall under the GDPR anymore. In which case, could we put a compliant stamp on every packet of tea, on t-shirts?

What I think these products, services and organisations are really trying to say is

‘We take data privacy and the protection of personal information seriously’

‘We take a privacy by design (privacy first) practice with everything we do/offer’

The counter-argument is, of course, that being ‘GDPR compliant’ means that the company is doing all of this and hasn’t ever had a problem and wants a two-word statement that they can put on a stamp.

Personally, if I ever see a ‘GDPR compliant’ stamp on software, a service or an organisation… I don’t trust it. There isn’t a formal body that inspects and certifies it, and if there was, I’d be dubious outside of any ruling that didn’t come from the ICO or the courts.

I’m sure many may disagree with me, but if you’re looking to give your potential customers some confidence in what you’re offering and are tempted to put a ‘GDPR compliant’ statement or badge forward: don’t. Find a way to push the two statements I’ve mentioned above. As long as you could evidence it, you’d win me over!