When the GDPR was announced, it was due to be enforced in the UK on 25 May 2018. Following the Brexit referendum, the UK Government has confirmed that the UK will implement GDPR before the UK leaves the EU.
Furthermore, the GDPR will continue to be relevant for many organisations in the UK – most obviously those operating internationally. So, as we will have to comply with the GDPR, it remains important to understand the implications of the GDPR.
According to the Information Commissioner’s Office:
If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.
This means that UK business will need to comply with various new features of the regulations, including breach notification and data portability. Failing to comply with these provisions, could preclude you from dealing with EU-based customers and partners.
Another important change from the current Data Protection Act is the new Principle of Accountability.
This requires you to demonstrate that:
You comply with the (GDPR) principles and state explicitly that this is your responsibility. This may include internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies.”
Our Risk and Readiness Assessment is an ideal place to audit your GDPR-readiness, and crucially, ensure that you can demonstrate compliance.