Time left for GDPR compliance
What is the GDPR?
The General Data Protection Regulation (GDPR) is an EU regulation that is enforceable from May 2018. It has already been enacted into UK law, so its provisions apply irrespective of any Brexit negotiations.
It lays down stringent new conditions for obtaining and protecting data about people as individuals. For customer/client data management, staff records and direct marketing activities, it might mean dramatic changes to processes in daily use.
GDPR compliance is far more concerned with processes in organisations than with IT security; however, IT has its part to play, too. And the penalties for allowing a data breach to happen will be far larger than under previous law.
At Bristol IT Company, we are familiar with the new legislation, and can advise and assist you in implementing any necessary upgrades to your IT security.
It is important to stress, however, that most changes required to comply with the GDPR will be to company processes, rather than technical IT matters. Of particular concern are auditability of data management processes and the workflow for obtaining and safeguarding personal data sets, and destroying them once they are no longer required.
It's probably fair to say that the GDPR writes into law what has been, up to now, best practice for the management of personal data. So most of the issues are well understood already.
At the time of writing (December 2017), your plan for GDPR compliance should be well in hand, but even if it isn't yet, there may be no need to panic. It's also fair to say, though, that 95% of businesses probably do need to revise and improve their data management processes in order to be compliant.
But you still don't need to panic: talk to us for advice on how to proceed effectively!