In a departure from the usual script, this blog is about a service that we don’t offer: general legal advice regarding the incoming General Data Protection Regulation (GDPR). GDPR will come into effect on 25th May 2018 and I have been approached by several new and existing clients who are concerned about the impact it will have on their processes, both in respect of clients and suppliers, on and offline.
What I have gleaned from discussing the GDPR with other professionals and from research is that there are several things larger businesses should consider doing in advance of late May. These include:
- Designating a person within the business to lead on GDPR compliance
- Ensuring that senior decision makers understand the general risk-based compliance approach and implications of failing to comply
- Allowing senior persons to establish or change processes in the business to show compliance, provide accountability and encourage support for the programme
- Training key persons in the business who collect and use personal data, and obtaining feedback from those persons about how the GDPR’s core requirements may affect their work
- Conducting an assessment of GDPR preparedness and compliance, and drawing up a GDPR implementation budget
- Identifying the relevant National Supervisory Authorities and, if the business is not established in the EU, determining whether the business must appoint an EU representative
Making your business GDPR compliant is not rocket science, but you may well require some outside advice and expertise. Generally, clients may not need to incur the costs of engaging lawyers to assist with this but, if you do need help, we have a network of experienced GDPR professionals who look after our existing clients’ GDPR needs and work with a range of large and small organisations from property investment businesses through to marketing agencies.