Although discussions around data protection reform go back nearly a decade, we are now in the final few months of preparation before what the Information Commissioner herself has called “the biggest change to data protection law for a generation”.
With less than five months to go, you need to be thinking carefully about where you are along your road to compliance and what risks you face if you are not ready by 25 May.
Here we take a quick snapshot of the GDPR landscape now we are a few weeks into 2018. If you don’t already have it saved as a bookmark we would strongly suggest you review the latest January guidance from the Information Commissioner’s Office to help you to get you where you need to be by 25 May.
There is still time to act
One of the key steps to dealing with any shift in any legal landscape, besides understanding the changes to the law, is understanding how those changes affect your business and that you are ready as far in advance of that change as possible. With just 5 months to go, there is still time to get ahead of your competitors and on top of the GDPR compliance challenge.
We view the GDPR as a Trojan horse which can help many businesses to make better strategic decisions by better understanding the customer data they process. Carrying out a data audit and understanding your data can help you to enrich and enhance your customer’s experience of you and your opportunities with them – that can lead to significant competitive advantage.
No GDPR quick fix
Although some sources would claim otherwise, there is no GDPR toolkit or ‘one size fits all’ option. Yes, there are some helpful frameworks you can work within, but every business needs to develop a strategy which accommodates their specific data protection needs and start implementing that compliance plan as soon as possible. That means bringing together a project team covering all aspects of your business, legal, HR, finance and technology and nominating key individuals to be responsible for delivering ongoing GDPR compliance long term.
From a legal perspective, the requirements of the GDPR, and the protections you need to put in place to protect the personal data you hold, depend on a whole host of factors often unique to your business. You need to ensure that any advice you receive, legal or otherwise, is tailored to you, your sector and your customers, so that the documents, policies and procedures you put in place reflect and properly manage your real day to day data protection risks.
With the right team and strategy it is not too late to make those changes over the coming months and put yourself in the best possible position to be compliant by the May deadline. Whilst the fines for breaches may be headline grabbing that’s only for serious non-compliance, it’s the negative publicity and loss of competitive opportunity which are likely to prove more damaging.
How we can help
Our GDPR team includes lawyers from across all of our core departments. This means that whatever sector or field you operate in, we have someone who understands your business landscape and can give you clear, specific advice and guidance. Between now and May we are running numerous GDPR-focused events – we hope you will be able to join us and we can help you map out your GDPR compliance plan. For details, and for links to our other GDPR materials please visit our GDPR site.