19th October 2017

GDPR: A framework for better security and privacy or another consultants’ picnic?


Remembering the Millennium Bug

People of a certain age in the technology sector are likely to remember the Millennium Bug. If you are not aware (or have simply forgotten!), it’s worth a quick history lesson…
When programmers were designing computer systems in the last decades of the 20th Century, they mostly used a two digit year format. Lots of legacy systems were still in use as the year 2000 (Y2K) approached. At midnight on 31/12/1999, the two digit year would roll over from ‘99’ to ‘00’ and no one could really predict what would happen. Isolated, discrete systems were one thing. What about interconnected systems? What about systems that controlled major infrastructure?
To try to avert Armageddon, entire armies of programmers were retained as consultants (many on really great hourly rates!) and dispatched to try to avert a global meltdown by retrofitting four digit year formats to systems. Despite this, even as the rollover date approached, there was a lot of uncertainty about what would actually happen…
Well, the world survived the Y2K rollover pretty well. Air traffic control systems didn’t drop planes out of the sky… Nuclear reactors didn’t go haywire… Coffee machines carried on dispensing caffeine in the required doses to the bleary eyed who were on standby that night in case things went south… And Windows carried on being Windows with all its bugs and foibles.

GDPR – a little bit of history repeating?

The fact that nothing really went disastrously wrong led to the Millennium Bug being interpreted by some as a bit of a red herring and characterised as a ‘consultants’ picnic’ – something of a job creation exercise by the IT industry.
The GDPR comes in to force on 25th May 2018. The European Union General Data Protection Regulation (EU-GDPR) is being adopted in the UK and promises a new era of better privacy for individuals and IT security for organisations of all types. Even though the UK is set to leave the EU, the UK government is writing GDPR into law. This is vital because unifying IT security and privacy standards facilitates cross-border exchange of goods and security information.
However, there are some that suggest GDPR could create a situation akin to Y2K. Will GDPR really create better security and privacy or is the entire project simply the lofty (and unworkable) ideals of legislators which creates another consultants’ bonanza for the IT industry?

More jobs, more services, more technology

There is little doubt that GDPR has boosted the recruitment of those with data management and protection expertise. The mechanics of becoming compliant with the GDPR standard requires a significant amount of auditing and analysis to identify gaps and understand how to close them to ensure organisations meet the requirements. And it’s not just permanent hiring that’s experiencing an uplift.
GDPR consultancy is a value-added service. Googling ‘GDPR services’ gives you “About 8,710 results”. Small and mid-sized companies in particular, without the budgets to appoint their own GDPR project leaders require outsourced GDPR services. However, larger companies with more complex systems and infrastructure may also require the assistance from external third-party experts.
Also, tech vendors are making hay while the sun shines too! Software applications to automate GDPR related tasks such as auditing and encryption are now readily available.
There is no doubt that GDPR is an ambitious project, it seems well intentioned and deserves to succeed. Perhaps the most important distinction between the Millennium Bug and the advent of GDPR is that there is no countdown to a final date, no 31/12/1999 where we will see whether the project has succeeded or failed straightaway. GDPR is going to produce a long tail of results where absolute success or failure is more difficult to pin down and is only revealed over time.

Get certainty on the GDPR from ETZ

ETZ is working right now to make certain our recruitment back office solution fully supports GDPR. It is important for recruitment firms to understand that they cannot offload responsibility for GDPR compliance on to external IT service providers.
Every business will be held directly responsible for meeting the regulatory standard. Recruiters need to actively engage with all technology suppliers to ensure all IT systems support compliance. If you want to find out more about ETZ and GDPR, don’t hesitate to contact us.

Photo Credit: European Union Flags courtesy of Thijs ter Haar / Flickr

Download your free guide

7 smart ideas to grow your recruitment agency.

Download Now
Download your free guide

Latest Posts


As AI becomes more influential in RecTech, make sure ETZ is part of your software stackAs AI becomes more influential in RecTech, make sure ETZ is part of your software stack

6th February 2023

Extraordinary potential of artificial intelligence speech and text recognition One of the biggest buzzes in the world of tech over...

Read more

AI and NLP herald the dawn of a brave new world of RecTechAI and NLP herald the dawn of a brave new world of RecTech

29th January 2023

Artificial Intelligence (AI) Natural language Processing (NLP) A couple of weeks back we looked at the AI revolution that is...

Read more

Talent shortages: Time for recruiters to lobby for more action by governments and policy makersTalent shortages: Time for recruiters to lobby for more action by governments and policy makers

20th January 2023

A common problem for many developed economies globally Across the Anglosphere, including Australia, US and Canada, as well as the...

Read more

See what ETZ could do for your agency with an online demo

Save hassle, time and money with our powerful software.

Book a Demo

Sign Up To Our Newsletter