Compliance is a cultural challenge rather than ticking boxes, the UK industry group for risk managers said

Gdpr countdown

Airmic has published a guide to the General Data Protection Regulation (GDPR), set for EU implementation from May 25. 

The guide is written primarily for risk managers, who, Airmic said, are “ideally placed to co-ordinate the response because of their wider perspective and touchpoints across the organisation”.

A white paper, “GDPR Goes Live”, provides a step-by-step approach, Airmic said, breaking down the topic into manageable components. 

The UK industry group for risk managers and insurance buyers said its “practical guide to GDPR…sets out to simplify one of the most complex regulatory challenges to face corporate UK in recent times”,

“Complying with GDPR is not a one-off project,” the paper warned.

“An integrational, thorough and transformational programme is required that addresses how an organisation’s personnel, processes and systems handle personal data,” Airmic added.

Airmic’s guide stressed the importance of culture to respond to the regulation, suggesting data protection should be embedded in an organisation’s processes and the thinking of its staff, to deal comprehensively with GDPR’s challenges.

“It’s about moving away from seeing the law as a box-ticking exercise and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation,” said Nick Gibbons, a partner at consulting firm BLM, advising Airmic.

“GDPR is about so much more than just process,” said Airmic research and development manager, Georgina Wainwright.

“It’s about culture – about how an organisation thinks and behaves. It can be much less intimidating than it might seem at first sight. We hope this paper will enable risk managers see the light at the end of the tunnel,” she added.

StrategicRISK Europe has a whole section of its website devoted to GDPR readiness. Click here to take a look.