The General Data Protection Regulation (GDPR) very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data.
At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.
It is imperative that key personnel in your organisation are aware that the law is changing to the GDPR, and start to factor this into their future planning.
They should start to identify areas that could cause compliance problems under the GDPR. Initially, data controllers should review and enhance their organisation’s risk management processes, as implementing the GDPR could have significant implications for resources; especially for more complex organisations.
Any delay in preparations may leave your organisation susceptible to compliance issues following the GDPR’s introduction.