The EU General Data Protection Regulation
The General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998 (DPA). Significant and wide-reaching in scope, the new law brings a 21st-century approach to data protection. It expands the rights of individuals to control how their personal data is collected and processed, and places a range of new obligations on organisations to be more accountable for data protection.
GDPR compliance is not just a matter of ticking a few boxes. The Regulation demands that you be able to demonstrate compliance with its data processing principles. This involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the transparency, accountability and individuals’ rights provisions, as well as building a workplace culture of data privacy and security.
For many organisations, achieving GDPR compliance will be a year-long journey – if not longer. If you have only just started your GDPR project, it is unlikely you will be 100% compliant by 25 May 2018. However, rather than panic, you should prioritise tackling those areas where a lack of action would leave your organisation exposed. Where an infringement occurs, demonstrating you have made a start could help reduce potential penalties.
We can assist you with developing policies, assessing your compliance obligations, carrying out a gap analysis and much more. Call us today or use the contact page for a no-obligation discussion.