by p_l
2173 days ago
Locally (Poland) I had a feeling that a lot of the misconception was fueled by people trying to sell consulting on GDPR, when the majority of the situation could be summed up as "remember the GIODO (Polish PII protection agency) rules that you ignored so far? Now they have teeth". But if you sold it as something more complex than "PII is like nuclear waste, you want to avoid it", then you couldn't sell high-priced "GDPR transformation services" or get lots of ad views on your spiffy web page :/

There is a lot of money to be made in GDPR-related consulting peddling non-compliant snake oil. GDPR compliance is actually quite simple; however, it is often detrimental to the business, so it's near-impossible to do "honest" GDPR consulting because you'd be telling your client things they don't want to hear and they would rather go to someone else that tells them what they want to hear, even if they don't actually solve the underlying problem of compliance.
That's the only reason I can think of why non-compliant consent management solutions (such as TrustArc) are thriving despite the fact that even a casual read of the regulations would immediately point out that they are not compliant and thus do not help to achieve the desired goal of GDPR compliance.
Unfortunately there is no enforcement at present so there's nobody out there to set the record straight and scare companies into compliance (potentially getting them to sue the consultancies for their non-compliant solutions).