Are you ready for the General Data Protection Regulation, which comes into effect in May 2018?
Despite Brexit (this is a European regulation), it will still apply to businesses and organisations in the UK – any company that holds data that belongs to an EU citizen.
GDPR compliance will mean many businesses need to appoint a data protection officer (DPO). Even if yours doesn’t, you must ensure your business has enough members of staff and the skills needed.
The GDPR means businesses will need to meet extensive notice requirements, carry out privacy impact assessments, and apply privacy by design and by default. It is designed to harmonise the way data is gathered across Europe and ultimately protect individuals.
Familiarise yourself with the requirements of the regulation
Find out if you need a DPO – see this diagram here, which will help you decide
Review your data processing activities
Understand the data you hold and where it is
Review your contracts, consent forms and privacy notices
Privacy as a profession is a growing industry, and those who work in it need to have that work valued by an organisation’s senior management.
The advent of the GDPR is the biggest change to happen to data gathering in the UK. Fines could be up to 4 percent of global annual turnover, so it’s hugely important that small to medium-sized businesses prepare.