GDPR – Good News and Bad News

Feb 20, 2018 | GDPR, ISO 27001

GDPR compliance is focusing some minds in early 2018. Google “GDPR Compliance”, and propositions and offers of “tookits” will overwhelm the reader, like call girl cards in a 1970s London telephone box. The average company director has a right to feel stressed.

However, it’s not all bad news, although a deadline combined with potential fines makes it seem so. Unscrupulous salespeople will make it even more so….

Have we been here before? Well, our senior consultant Colin Brown, a 25-year veteranof the quality business, will tell you that we have. There’s often been a panic-driven rush into new procedures and systems. A more measured response to a new regulatory structure would have been prudent. Millennium Bug, anyone? This blog aims to hit that middle area between a balance and reasoned approach, and a time-pressured, knee-jerk response .

Here is The Good News?


There appear to be anomalies and conflicts within the GDPR guidelines. A good or a bad thing? Well, both actually. The benefit is that you can’t be expected to comply with something which does not seem to be the definitive version. If they’re unclear on some things, you might just have the freedom to be so, too. More on the down-side of this later.

There’s Still Time. We’re currently working with clients and creating GDPR compliance within a couple of days, and can combine this with ISO 27001 in one fixed-price package. As the ISO Standards business is centred around compliance, we’ve a solid background in moving companies “from here to there” in a short time, so are confident of delivery.

There’s No Compliance Speed-Camera. Deadlines and fines are Very Good News for those in the industry who are fanatically sales-driven. They tend to play on the threat of instant fines in May 2018. However, the ICO have indicated that they will work with companies, especially smaller ones, where there are issues. We can’t see any risk of the “offend-capture- fine”sequence of a speed camera.

And Now The Rest of The News.



See “Contradictions” above.

The framework is still being amended, so what may be compliant one day, may not be on the following day. It gives the holder the partial defence of ignorance, but it does mean that certain areas would need to be revisited and amended.


We can move quickly, but we know that companies often move slowly. GDPR compliance is not a topic that should “pinball” around different areas of responsibility in the company, with no-one taking overall ownership. We’ve seen similar things happen. We could achieve compliance within a matter of days, for a fixed price, but this is dependent on corporate willingness, rather than the whole topic being shuffled from one inbox to another in a vain hope that it will eventually go away.


Unlike ISO 27001, GDPR has a mandatory element to it, and fines for non-compliance will follow. This is not an optional regulation, and thought needs to be given to the consequences of a serious data breach taking place post-May 2018 which would have been prevented by GDPR compliance.

What is next?

Please get in touch. We are ready to help.


Share This