The Gingerbread Man knew that May 25, 2018 was a big day: the day by which he had to achieve General Data Protection Regulation (GDPR) compliance. Organizations around the world — not just those in the European Union (EU) — needed to prepare.
Was it getting hot in here, or was it just the pressure that was heating up the room? Outside his office, the Chief Gingerbread Officer sign hung proudly, but inside it felt like an oven. He was burning up.
The Gingerbread Man’s first instinct was to run, run, as fast as he could. But he knew running away from problems wouldn’t end well for him — it would only lead to fines.
Instead of running away, he decided to get a running start. The Gingerbread Man sat down and began to assess his current data privacy structure as well as his company’s biggest risks as a prefabricated house manufacturer.
“What are you doing? A GDPR compliance assessment?” an old lady asked as she stepped into his office and peered over his shoulder. “Why waste your time? Just wait and see what happens to the others first. Come and grab a coffee with me instead.”
The Gingerbread Man considered her invitation. He could wait — but he was smarter than that. “Sorry, but it’s critical for me to assess where the organization is at,” he said as he picked up his laptop and left.
He saw an empty meeting room down the hall, but before he could grab it, an old man stepped in front of him. “I need this room to finish up our plan. We have to be GDPR-compliant by the end of May,” the Gingerbread Man said.
“Don’t worry about a plan!” the old man said. “Your assessment is enough. Why don’t you sit in on my meeting instead? You’ll get some quality face time with your employees!”
The Gingerbread Man considered for a second — but he was smarter than that. Without a plan, he’d have a hard time figuring out what activities he actually needed to do to achieve GDPR compliance.
“Sorry, but I’m too busy right now,” the Gingerbread Man said as he ran down the hall toward the cafeteria. He grabbed a table, popped open his laptop and began designing and developing a road map and implementation plan. A pig pulled up a chair next to him.
“That GDPR plan looks pretty good,” he said. “Looks like your work here is done. Why don’t you share this plate of vegetarian nachos with me?”
The Gingerbread Man glanced at the nachos. They smelled delicious — but he was smarter than that. He knew he had to keep moving forward, otherwise his efforts wouldn’t be worth it.
“Sorry, but I need to implement and execute these policies, processes and technologies. No time for lunch today,” he said with a wave. The Gingerbread Man quickly stepped outside and grabbed a seat on a bench away from everyone. He needed a quiet space to monitor the results of his efforts.
The Final Push for GDPR Compliance
It was a beautiful day outside and the Gingerbread Man was able to chip away at his goals, uninterrupted. But then he heard a bark. A dog playfully ran toward him.
“Come play with me,” the dog said as it dropped a ball at the Gingerbread Man’s feet. “Everything is running smoothly — you don’t need to babysit it. It’s such a nice day.”
The Gingerbread Man could feel the warm sun. He was tempted to stop — but he was smarter than that. He had to measure and document the program’s effectiveness. Otherwise, what was the point?
“Sorry, but I don’t have time to play today,” the Gingerbread Man said. He headed back to his office. It didn’t feel quite as hot anymore. It wouldn’t be long until his company was fully GDPR-compliant. But when he opened his laptop, something concerned him: a suspicious incident from someone named Fox.
Thanks to all of his hard work, the Gingerbread Man’s security controls were in place. Within hours, he responded to and managed the incident and prevented a more severe breach from occurring. The Fox wasn’t going to get him this time.
Staying On Track With Your GDPR Journey
Compliance isn’t always fun, but you must get a running start on security before the pressure builds. Stick to the path and don’t let distractions stop you from fully completing your GDPR compliance journey.
Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.