It was interesting to read the recent feature in Information Age, “The GDPR flood: more significant than the Millennium Bug?”, which likened the issue of compliance with the new General Data Protection Regulation (GDPR) to the problems posed by the Y2K bug in the late 1990s. IT veterans will of course remember the global paranoia engendered by the fact that many of the world’s software systems assigned only two digits to record a year, so a four-digit year (i.e. the year 2000) would literally go back to 1900! This problem was identified as early as 1985; by 1995, governments around the world were funding updates to public sector systems and running significant awareness campaigns aimed at businesses large and small.
The GDPR means business
First proposed in January 2012 by the European Commission and formally approved by the European Parliament in April 2016, the GDPR will supersede national laws, unifying data protection and easing the flow of personal data across the 28 EU member states. When the GDPR comes into force on 25 May 2018, all organisations that process the personally identifiable information of EU residents will be required to abide by a number of provisions or face significant penalties.
Unlike the Millennium Bug, the GDPR seems at first glance to only apply to organisations based in EU member states. However, its complex requirements (and penalties) with respect to the personal data of EU residents apply to every organisation in any part of the world. They also apply to the international transfer of data from one country to another.
You only have 18 months to comply
Unlike the ten years or so that we had to prepare for the Y2K bug, organisations only have until May 2018 to comply with the GDPR. While computer systems will not reset on this date, the risks of financial penalties and potential loss of business in European markets are realities that should be on the agenda of every CEO or board-level director.
With the UK’s decision to leave the European Union, you could be forgiven for thinking that the GDPR no longer applies to your organisation. But until the UK completes the process of leaving the EU, the GDPR is still the law. As the UK Information Commissioner’s Office (ICO) was at the forefront of the GDPR’s development, it is almost certain that the current UK Data Protection Act (DPA) will be updated to reflect the more rigorous requirements of the GDPR.
Take action now
Do not take the risk of ignoring the GDPR in your organisation. Get started immediately and attend our next session of the Certified EU General Data Protection Regulation Foundation (GDPR) classroom training course. To support organisations in all areas of the UK, we are running regular one-day sessions in London, Cambridge, Manchester and Edinburgh.
And just for the techies – don’t forget the Year 2038 bug
The original Unix time datatype (time_t) on 32-bit systems stores a date and time as a long integer representing the number of seconds. In 2038, this number will exceed 2³² − 1, the largest number for a signed long integer on 32-bit systems, causing the Year 2038 problem (also known as the Unix Millennium bug or Y2K38). Bear in mind that this problem does not exist on 64-bit systems.
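The wrap described above, as an added example that is not code from the original post: it stores 64-bit second counts in a signed 32-bit field (the limit is taken from INT32_MAX in <stdint.h>) and shows the date that comes back, plus the range check that catches it. The helper names and sample values are constructed for illustration, and the count is assumed to start at the Unix epoch, 1970-01-01 00:00:00 UTC.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper type: broken-down UTC time, independent of the platform's time_t. */
struct utc { int64_t year; int mon, day, hour, min, sec; };

/* Seconds since 1970-01-01 00:00:00 UTC -> calendar date (days-to-civil algorithm). */
static struct utc utc_from_epoch(int64_t s) {
    int64_t days = s / 86400, rem = s % 86400;
    if (rem < 0) { rem += 86400; days -= 1; }    /* floor division for pre-1970 values */
    int64_t z = days + 719468;                   /* shift the origin to 0000-03-01 */
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    int64_t doe = z - era * 146097;              /* day within the 400-year era */
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp = (5 * doy + 2) / 153;            /* month index, March = 0 */
    struct utc t;
    t.day = (int)(doy - (153 * mp + 2) / 5 + 1);
    t.mon = (int)(mp < 10 ? mp + 3 : mp - 9);
    t.year = yoe + era * 400 + (t.mon <= 2);
    t.hour = (int)(rem / 3600);
    t.min = (int)(rem % 3600 / 60);
    t.sec = (int)(rem % 60);
    return t;
}

/* Value a signed 32-bit field holds after a 64-bit count is written to it
   (two's-complement wrap, computed without implementation-defined casts). */
static int32_t store_in_time32(int64_t s) {
    uint32_t low = (uint32_t)(uint64_t)s;        /* keep only the low 32 bits */
    if (low <= INT32_MAX) return (int32_t)low;
    return (int32_t)((int32_t)(low - INT32_MAX - 1) + INT32_MIN);
}

/* Defensive check to run before narrowing: does the value survive unchanged? */
static int fits_time32(int64_t s) { return s >= INT32_MIN && s <= INT32_MAX; }

int main(void) {
    /* Constructed samples: last safe second, one past it, and 2040-01-01. */
    int64_t samples[] = { INT32_MAX, (int64_t)INT32_MAX + 1, 2208988800LL };
    for (int i = 0; i < 3; i++) {
        struct utc t = utc_from_epoch(store_in_time32(samples[i]));
        printf("%lld stored as %lld-%02d-%02d %02d:%02d:%02d UTC (%s)\n",
               (long long)samples[i], (long long)t.year, t.mon, t.day,
               t.hour, t.min, t.sec, fits_time32(samples[i]) ? "ok" : "WRAPPED");
    }
    return 0;
}
```

An expiry or retention timestamp that wraps this way reads as a date in the early 1900s, so any "has this expired?" comparison built on the narrowed value gives the wrong answer; checking the range before narrowing lets the caller reject the value instead.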