The Millennium Bug

Almost 20 years ago, the media started to report that many computer systems would fail on January 1st, 2000 due to what became known as the ‘millennium bug’, or ‘Y2K’.

We were told nuclear reactors would fail, airplanes would fall out of the sky, and electricity supplies would be interrupted.

Businesses started to fear the worst and became increasingly fearful that they would be impacted.

Taking advantage of the fear, many solution providers and technology sellers appeared on the scene, offering solutions to the problem.

In the months approaching January 2000, organisations spent many days and many euros to solve the problem.

Then the day of reckoning arrived. And nothing happened.

My car and Y2K

In 1999, an ‘expert’ told me my car would not work once January 1st arrived.

The reason?  Its engine management system was known to have a problem handling a date beyond 1999.

The fact that my car (first registered in 1988) had an engine management system at all was surprising to me. The fact that its engine management system understood the current date was beyond my comprehension.

Needless to say, the car worked fine on January 1st.

But I digress.

What has Y2K got to do with GDPR?

I can see why many people see similarities between what went on in 1999 and what is going on now.

  • The media is reporting a doomsday event: Yes
  • Businesses are becoming fearful that it could have a major impact on them: Yes
  • There are a lot of technology solution providers and consultants (including me) on the scene who say they can help you avoid this doomsday event: Yes

The similarities between Y2K and GDPR are clear. Up to a point.

You may believe Y2K was a con.

Alternatively, you may believe it was a real risk that was avoided because of the work done in the run-up to January 1st.

Perhaps the reality is somewhere in the middle.

Is GDPR the latest con?

The Y2K problem may never have existed. Perhaps it was all a con.

GDPR certainly exists. It will be applied on the 25th May 2018. It will be real.

Is all this talk of fines and sanctions the real con?

This is the €20+ million question. And this is where people see parallels between Y2K and GDPR.

  • Yes, the year 2000 arrived. But planes didn’t fall out of the sky.
  • Yes, GDPR will arrive. But maybe businesses will not really get into trouble.

Perhaps the risks are not as high as the media is suggesting.

That really depends on the regulator. And we are not dealing with a powerless, under-resourced regulator.

GDPR gives the regulator new powers to issue fines and sanctions to organisations that do not comply with data protection law.This is a significant change from the current situation where the regulator has to bring the organisation to court and hope the judge agrees with its assessment.

The regulator’s budget has grown from €1.3m in 2013 to a projected €11m in 2018. It will have 140 staff by the time GDPR arrives, up from about 70 today.

The financial impact of not complying with GDPR may largely depend on the decisions of a well-resourced and empowered regulator.

Will the regulator really apply significant fines in every situation?

Recent presentations by the regulator’s staff suggest that those who can demonstrate honest efforts towards compliance will be treated very differently to those who flagrantly or repeatedly break the law.

If I was in front of the regulator, I’d like to be able to demonstrate my honest efforts to comply with the law. It would make for an easier conversation!

Don’t let your experience of Y2K cloud your judgement of GDPR.

Don’t just brush this off as another Y2K.

GDPR is real. It’s coming. It won’t go away.

You need to decide how much you want to invest preparing for it.

Make sure you are fully-informed when you make that decision.