In recent months, hardly a day goes by without my receiving offers for services or products related to GDPR. Most of them are either new or the demand for them has dramatically increased. Whether we like it or not, we will have to deal with many of them soon.
Some examples are:
In Germany there was already a legal requirement for a DPO if an organization processed PII with 10 or more employees. In fact, many small businesses never had a DPO in the past, but under public pressure they are now looking for external DPOs, lacking internal knowledge or resources. Finding an external DPO with reasonable knowledge at an affordable rate is very difficult at the moment.
DPO Trainings (caused by the first point)
Formal training and certification as a DPO existed before but was expensive and limited to bigger training providers. This market exploded, bringing up offerings ranging from high quality to a complete waste of money. The problem is that these DPOs will audit our companies for fulfillment of their privacy agreements in the very near future.
Privacy Management Software (influenced by the first and second point)
Software for the easy creation of privacy management documentation (such as checklists, data processing records, privacy agreements etc.) was available before but not in great demand. Today you can select from a large number of products. Obviously, such software is not intended to ensure the right controls are in place but to support documentation or give some basic ideas about controls.
Cease and desist letters from dubious organizations have always been around, especially in terms of file sharing or for not having a privacy statement on your webpage. Many small organizations or even private people were impressed by these letters and paid them because they were afraid of even more expensive lawsuits. After May 25th, I expect a new wave of these attempts benefiting from GDPR panic and lack of knowledge or consultancy.
GDPR compliant clouds
The market for cloud solutions that claim to be GDPR compliant is growing. Of course it is a good thing to have a cloud solution available that is not non-compliant with privacy regulations by design. Unfortunately, a large number of companies assume everything is sorted by such a solution, without considering clients, network access to these clouds and, very often, their privacy processes.
These are just some topics from this new market in a country that already had a very restrictive privacy law before (Germany). I am really curious to hear from you which good or bad highlights GDPR is causing in countries that are used to completely different regulations.
P. S. I apologize in advance for possible grammar weaknesses - as you can guess, I am not a native English speaker.