Compliance with the GDPR means properly designing and documenting compliant systems, procedures and processes which ensure the protection of personal data. This starts with executive ownership of the responsibility for personal data and will also entail training, good record keeping and the review of working practices.
The law has new requirements regarding the use of consent and how it should be obtained. To ensure individuals are being treated fairly, consent must be freely given and individuals fully informed. It is not acceptable to rely on silence or inactivity as consent.
It is definitely not enough to publish a policy which describes the intent to comply with GDPR.
Compliant procedures, systems and training are essential to GDPR.
This FAQ is in these categories: GDPR