GDPR – Y2K all over again?

calendar-1.png

Who remembers welcoming in the year 2000 with bated breath to see not only the new millennium, but whether worldwide computer systems would crash because of the so called Millennium bug?

The problem was in the early days of computing dates had been stored only as two digits, as in ‘99’ not ‘1999’, so a new year ending ‘00’ effectively put the clocks back to 1900, not forward one year. It was the disaster that never was, but it was certainly a headline grabber, as in this case http://www.independent.co.uk/news/science/nuclear-war-fear-over-y2k-bug-738725.html. We still don’t know if it didn’t happen because of universally excellent preparatory work, or because it was massively over-hyped.

Now we find ourselves approaching a similar (although slightly less dramatic) situation with the new Global Data Protection Regulations (GDPR). With an imminent deadline of May 2018 there is growing alarm in organisations about not being ready in time. Much of this rising heat is happily stoked by those who are likely to benefit from sharply increased IT expenditure, but there is real cause for concern in the Institute of Fundraising that many smaller charities have not yet started planning. In fact GDPR is as much a change of culture as one of technology and this will take time to bed in. Most firms will not be compliant by May next year, but the good ones will have a clear pathway to being so.

Although it may seem strange, IT and investing are pretty similar activities (other than their fees). An IT specialist would be as nervous designing his own pension as an investment specialist would be fixing his own computer. Both are full of opaque technical language where it is almost impossible for the layman to distinguish incidental risks from catastrophic ones. Importantly, both disciplines can trade on a fear factor and exploit a client’s uncertainty and ignorance. That’s why independent advice in both fields is so valuable, especially when boards are being prompted to change.