The very hardest thing to do is to create a GDPR-compliant strategy. The regulation is so wide, varied and complicated, with many aspects still open to clarification by the Article 29 Working Party, that being compliant is just completely unrealistic.

I don’t call it violence when it’s in self-defence; I call it intelligence – Malcolm X

So, if you can’t be compliant with the new legally binding regulation arriving in May 2018, then what can you do? In very simple terms you can create a legally defensible position, where you are able to prove that you are doing everything that you say you are doing and that can be measured, monitored and quantified. This will not stop you from having a data breach but it will mitigate the implications of that breach.

Creating a defensible position means that you have to look at every aspect of your business – what data you hold, where that data is located, how you are using that data, and whether you have a legally defensible reason or explicit permission from the data subject to hold and use that data. If your organisation cannot simply and quickly answer these questions, then your legally defensible position is already flawed. If you then add in the complexity of every person, process, application and contract that could use any piece of personally identifiable data across your organisation, then you begin to understand what your business must do to create a defensible position.

I hear you all cry “why bother?”, but as Malcolm X says above, “Defence is intelligence”. In every aspect of our lives we defend ourselves and society at large because it’s an intelligent thing to do, and defending your organisation and protecting all your customers’, suppliers’ and employees’ data is no different. In fact, the question should be “why wouldn’t you bother?”.

Organisations that grasp the opportunity and create a defensible position will undoubtedly take the lead over their competitors and create the standard that others have to achieve. Your organisation should be that standard bearer. You should make life difficult for your competitors. Creating your legally defensible position will achieve this.

There is no doubt that creating a legally defensible position will take time and effort, but the benefits far outweigh the implications of not bothering. Change is difficult and enterprise-wide change is especially difficult. Talk to Project One to understand what you could do, should do and ought to be doing. Call us on +44 (0)1477 544462 or drop us an email at


POSTED BY: James O'Sullivan - Director of Client Delivery

