On 25th May 2018, new legislation will come into effect affecting all businesses handling personal data.
Whilst much of the GDPR is similar in spirit to that of the Data Protection Act, GDPR broadens the coverage of data protection legislation, with significantly increased penalties for breaches.
Complying with GDPR can mean big changes to internal policies, procedures, IT infrastructure and relationships with 3rd party service providers. It is vital that you review your current data processing activities and procedures to ensure that you are compliant with General Data Protection Regulations before May.
If you have any interaction with individuals, businesses from all industries will be affected by GDPR.
Companies that may have previously avoided data protection compliance issues will now be subject to new obligations. These may include:
Due to the sensitive data they may hold, some organisations may require more detailed review and overhaul of processes and documentation. Those industries will include:
The most important advice on GDPR is do not panic, and see GDPR compliance as an opportunity to promote the quality of the service you provide to your clients and customers.