Just over a year ago ‘top predictions for 2017’ included a deal of activity as organisations of all shapes and sizes get ready for the implementation of the EU’s General Data Protection Regulation (GDPR). In the year since, there has indeed been a great deal of activity, much of it from commentators worrying about the lack of progress and quoting statistics from the first half of 2017 to prove their point. Here’s the latest we can find, from CareersinCyberSecurity.co.uk and London law firm Hamlins LLP (July 2017):
Now, we are not experts in GDPR but our close relationship with data means that we have to have a working understanding of what’s involved and how it might impact our business and, just as importantly, the [data analytic] business of our clients. As for the above statistics, well it’s true that we don’t have a formal budget and our data protection officer looks a bit like Robin, but we do know that UK businesses must comply post Brexit, we will fund our reasonable compliance with the regulations (the alternatives look much more expensive) and when we get this right the risks to the business will be totally manageable.
For those of you who want a bit more detail, here’s a very brief summary of the changes coming into force from 25 May 2018 (courtesy of ICAEW):
And finally, if you haven’t yet had quite enough, the ICO has a lot of guidance, including this handy 12-step guide on preparing for GDPR. It covers the following areas, with a link to the full guide at the end:
For the full guide: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf