A staggering 25 per cent of businesses are purportedly still not aware of the EU GDPR (General Data Protection Regulation) according to Brodies. A frightening figure. Even more worrying when 28 per cent of respondents to the same survey confess they are unlikely to – or don’t know whether they will – be compliant by May 25, 2018.
However, as with political polls, just how accurate are surveys of business readiness? The number of unprepared businesses may even be higher. In my experience, it is common during major transformation projects to discover that what a business reported it knew about its estate, processes or governance is at variance with the reality. Recognising the value of revisiting and rechecking everything I think I know is critical.
Preparing for GDPR is no different.
The GDPR will apply to all organisations collecting and processing personal data on EU citizens. The sheer volume and scale of data breaches hitting the headlines, not to mention those that haven’t, should be a wake-up call for businesses to get their data in order. Yet despite these breaches and the looming deadline, preparation for the GDPR is still patchy.
Organisations must act fast to put measures in place that demonstrate compliance, to avoid potentially eye-watering fines. Should a breach occur, the regulators will want to know what measures you had in place (or not) to avoid it in the first place.
With this in mind, here are seven steps to start your compliance journey today.