To milk GDPR, the wheeze is to peddle scare stories, which is easy because the penalties are draconian, and, when you’ve hooked a sucker, offer a check-list of actions which will assure compliance.
At the same time you can wangle a good look at someone’s business to identify further scams (a.k.a consultancy opportunities).
I see it as another Y2K – when no one quite understood the nature of the threat but everyone knew they had to be ‘Y2K-compliant’ to be a trusted business partner.
I call in the Permanent Secretary.
“Are all the suppliers to the Department GDPR-compliant?” I ask him.
“I understand there are some of which we are uncertain, Secretary of State,” he replied.
“Send a list of the uncertain ones to the ICO,” I tell him, “with a copy to me.”
“Certainly, Secretary of State.”
When my mate at XXX Digital Compliance Solutions gets the list he’ll know who’s had a nasty letter from the ICO and is looking for someone to save them from the consequences of their non-compliance.
And what’s good for my old chum at XXX Digital Compliance Solutions is good for my post-Ministerial life-style.