Last week’s RSA Conference was filled with in-depth content on a wide variety of security- and privacy-related topics, but the hottest topic of the show was definitely GDPR. The show kicked off with 8 straight hours of GDPR content on the first day and then followed that up with multiple sessions on the topic every day after. The new regulation also came up in multiple sessions focused on other issues. Clearly, GDPR is top of mind for many of the 50,000+ attendees at the conference. Here are just a few of the key takeaways from the event.
- No matter what you hear, no company or law firm has a full ‘solution’ to GDPR for their clients. There are still far too many ambiguities in the regulation that will become more clear once initial enforcement begins. At some point, there will likely be accepted GDPR ‘certification’ services available, but they don’t exist today.
- There is general consensus that many key aspects of GDPR remain open to interpretation. Language in the regulation like ‘reasonable degree of certainty’ leaves room for more than one reading. The best recommendation for companies is to determine how they define some of the ambiguous language in the regulation and then use that definition consistently over time.
- GDPR may only be the beginning. A number of presenters discussed a trend toward more privacy regulation around the world. India and the APAC region were specifically noted as areas that would likely see new privacy regulation in the near future.
- One of the important aspects of addressing GDPR will be documentation. Having internal processes meet GDPR standards is obviously important, but not thoroughly documenting everything could be a real gap in preparedness for many companies.
Stay tuned to the OPTIZMO website and blog for more detailed information on various aspects of GDPR.