When I first started hearing about the General Data Protection Regulation coming into effect in May 2018, and saw the big panic and hoo-ha that was being made about it, I couldn't help but think that surely this wasn't the first time something like this had happened?
As I began to read more about the topic, I started to realise that there seemed to be a lot of similarities between this and when the Sarbanes-Oxley Act came into effect in 2002 in America. The main similarity was that although the changes in 2002 and 2018 were applied to a specific region or continent, Sarbanes-Oxley did (and GDPR will) have direct and indirect effects on any global companies with a presence in both markets.
The cost of complying with the regulations set in 2002 has since been a concern for CFOs. Maybe the fear of the imminent regulations should be cause for caution too?
Kristin Kufeldt makes a great point in her article that technology has developed massively since SOX and will undoubtedly play a vital role in making this transition smoother. For anyone who has worked in the pharmaceutical, chemical or financial services industries in the past 10 years, GDPR should not prove too difficult. GDPR works in a similar fashion, requiring a "paper trail" to be able to show the authorities where necessary that the policies and procedures have been correctly put in place.
SAP looks to be preparing customers nicely for the transition by offering tools to work in sync with their GRC solutions to make the process as smooth as possible. If this is something you have started to think about, we would be happy to share some of the stories of how we support our customers to prepare for the changes.
Quite symmetrically to the Sarbanes–Oxley Act of 2002 (SOX) in America, the GDPR is imposed unilaterally for application in the EU only, but due to the size of the market, it impacts companies all over the world, as so many have operations in the EU. Being less familiar with the data privacy practices prevailing in Europe, non-EU companies may find it even more concerning, as shown by the current multiplication of conferences on the topic in the US alone.