GDPR is everywhere at the moment and the stats in the UK reflect the situation in Ireland too.
We all know that something needs to be done before 25 May 2018 to ensure our organisations are GDPR compliant. For those who have managed to avoid it, GDPR is the EU’s General Data Protection Regulation. It will replace the existing data protection regime and provide consistency across the EU in how data protection is regulated.
The main reason that it is attracting so much attention is the potential for large fines for non-compliance.
Ultimately, many of the existing data protection principles are still enshrined in the legislation, so there is a lot of GDPR that we should have been doing already. Compliance under the old data protection scheme will certainly make for an easier journey to GDPR compliance.
The reality, though, is that many organisations had gaps under the current regime, and now the clock is ticking to be compliant. Organisations have less than 12 months to work on their compliance. In some cases there will be a lot of work to be done, so the most important action to take is to start.
With this in mind, I've prepared a checklist outlining the main actions organisations should be taking to get started on their GDPR compliance journey.
This checklist cannot deal with all aspects of GDPR compliance, as this will depend on the individual organisation and the personal data it holds and processes. For example, the checklist does not deal with children’s data, specific processor obligations and other important areas that arise under GDPR. It is a guideline document only, to help organisations get started, and it sets out the minimum steps that I would expect to see an organisation taking to become GDPR compliant.
More than half (54 percent) of businesses in the UK have little to no understanding of the fines associated with not being compliant with GDPR. That's according to research from Sophos in which 625 IT decision makers from the UK, France and Benelux (Belgium and Luxembourg) were asked about the impact GDPR will have on businesses in these countries. Almost one in five (17 percent) of all businesses admitted that if fined, their business would close. This number jumps to 54 percent for small businesses with fewer than 50 people. Additionally, 39 percent of ITDMs said fines would also lead to redundancies at their business.