3 months from the deadline and I'm still meeting businesses that haven't heard of GDPR.
Quote: "GDPR compliance is not just a matter of ticking a few boxes; the Regulation demands that you be able to demonstrate compliance with its data processing principles. This involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the transparency, accountability and individuals’ rights provisions, as well as building a workplace culture of data privacy and security."
If you run a business PLEASE PLEASE familiarise yourselves with this upcoming legislation.
You can get the full rundown from the Information Commissioner's Office here: www.ico.org.uk
Some of my clients have chosen to use and modify templates from legal document services like this one: www.simply-docs.co.uk
Most of the new law is concerned with policies and procedures, but you WILL, no matter your size, need to consider your IT system, and it is important to get your IT involved so they can answer the technical side of it.
What it comes down to mostly is ensuring that you take an active approach to data security and can show that you tackle the issue proactively. If you suffer a breach you will be expected to report it, and if you do not and it comes to the attention of the ICO you will likely suffer large fines, even more so if you cannot show any work preparing for and implementing the GDPR.