Following on from the announcement of the General Data Protection Regulation (GDPR) coming into force on 25th May 2018, the Information Commissioner’s Office (ICO) have published a guide of 12 starting steps for businesses. The publication contains actions and considerations to take in anticipation of 25th May 2018.
The ICO state that the strongest starting point is to be in compliance with the current Data Protection Act. If you are already in compliance, you will have a strong foundation from which steps can already be taken to achieve GDPR compliance. With potential fines of €20 million or 4% of global revenue, whichever is highest (up from £500,000), there has never been a stronger incentive to comply.
The important factor to consider when planning and implementing a new practice in light of these steps is balance. Going above and beyond the regulation’s requirements will require a great deal of resources and planning which, for small businesses, may put a massive strain on their expenses and human resources. As a result, it is important to meet the obligations of the GDPR while ensuring that over-compliance doesn’t swamp the business practice.
For planning and implementing effective and cost-efficient compliance, please do not hesitate to contact us.