What happens after May 25th? The sun will come up on a brand-new day, but with one significant difference... The UK will transition into a new age of data protection with the General Data Protection Regulation (GDPR) taking effect.
At present, it feels as though the main focus of most businesses is to take steps in preparation for GDPR, but few are getting to grips with the ongoing requirements of data protection.
Managing your responsibilities as either a data controller or processor is not a one-time affair. You cannot simply issue new statements, policies, training or measures and breathe a sigh of relief once May 26th has arrived.
There is a genuine concern that many businesses feel that simply implementing the changes to meet the new regulation is enough and that once complete they can move their focus to other areas of the business.
GDPR is not a race with a finish line – it is an organisation’s ongoing responsibility to maintain compliance.
Take consent, for example – what are your plans for reviewing consent for marketing purposes? What schedule do you have in place to refresh consent, if indeed you have a schedule at all?
Or, what about ‘privacy by design’ – will you be able to detect a data breach in a year's time? Have you strength tested your preparations? Are those responsible for IT within your organisation planning to update policies and measures to reflect contemporary risks?
How about staff training? What are your plans to maintain competence and train new starters on data protection requirements?
As with any piece of legislation or regulated activity, the onus is upon the organisation to evidence what they have done and are doing. Maintaining adequate levels of data protection is a continual activity and one that should be reviewed and checked on a regular basis.
Make sure that you don’t get to May 25th and take your eye off the ball. Data protection has rarely been higher on the agenda.
If you would like to discuss any issue in this article or would like to know more about RWA’s GDPR services, please email firstname.lastname@example.org.