Simon Walkden

Former Global Head of End User Engineering at Barclays and leader of Vodafone’s Cloud and Hosting Services, Simon Walkden is steeped in experience at leading international organisations. He has a particular depth and breadth of expertise in ITaaS.

This is embodied in the development, while MD of Flourishing IT Ltd, of an IT Healthcheck service that enables companies to improve delivery, while achieving new levels of internal efficiency and regulatory compliance.

With a passion for reducing cost and complexity, Simon now guides Virtual Clarity’s clients through digital transformation, enabling them to realise the full range of benefits of ITaaS and zero-owned infrastructure.

Connect with Simon.

View articles by Simon

The Cruelty of GDPR

There is a joke circulating on the Internet, based on the classic song, “Santa Claus is Comin’ to Town”. The joke goes, “He’s making a list, he’s checking it twice; he’s gonna find out who’s naughty or nice, Santa Claus is in contravention of Article 4 of General Data Protection Regulation (EU) 2016/679.”

Ah yes - the cruelty of GDPR – Christmas is cancelled. I thought of this as I read The Guardian article on Monday – “Most GDPR emails unnecessary and some illegal, say experts”. The UK’s Information Commissioner’s Office (ICO) recommend that you revise and communicate your privacy policy (step 2) and make sure your consent meets GDPR standards (step 7) in their 12-step plan for getting ready for GDPR. The Guardian article suggests that in doing this, firms may breach Privacy and Electronic Communications Regulations. Now that would be cruel – the ICO prosecute you under a different privacy law for following their advice on GDPR! What kind of jeopardy is that?

Let’s hope that it was tongue in cheek, a la Santa Claus. I’ve always admired The Guardian’s sense of humour.

Obviously, there is a lot of exasperation amongst the public with all the e-mails. But they are mostly from the millions of small companies and organisations strapped on resources trying their upmost to comply. And what else could they have been expected to do based on the Regulation?

In reality, we will all benefit from greater data privacy. Facebook’s market capitalisation is over $500bn, built on the assets of people’s personal data. Our personal data is worth money to people. Once we have learned that logging on to an application with our Facebook account is as stupid as logging on with our online bank account credentials – the lesson that Cambridge Analytica has taught us – then nefarious parties will seek other ways of harvesting that data. It has been argued that as large enterprises have learned how to make things difficult for hackers, the SMEs are the next target. Aggregating personal data from smaller companies may be a near-term threat. If GDPR has caused millions of smaller companies to think about privacy, who they share data with, how long they keep data, it may be one small step to protect. If the e-mail volume is a measure of the success of raising the profile of this subject, perhaps we should offer a begrudging respect?

And let’s hope Father Christmas can keep going under GDPR’s vital interests provision.

Related:

- Tacking GDPR Before Time Runs Out
- Why is GDPR Compliance so hard to pin down … and what should your company do about it?