Time marches on relentlessly and May 2018 is now less than a year away. So what?
Elizabeth Denham, Information Commissioner for the Information Commissioner’s Office, has recently reminded businesses and boardrooms that there is much to do to get ready for the biggest change in data protection legislation in two decades. You can see and hear her broadcast by selecting this link.
As an Internal Auditor, Compliance or Risk specialist, you will recognise that potential penalties of up to €20M or 4% of turnover for failure to comply, in the worst case, should focus the corporate mind on doing the right thing.
And the right thing has to be done by May 25th 2018.
However, in recent audits that we’ve conducted, we’ve found a worrying lack of progress towards completing the work that needs to be done in order to be compliant with the new legislation on time.
There are plenty of resources available to help you understand the new GDPR and take action to be ready for it, and a good start would be to download the 12-Step Guidance Plan, put together by the Information Commissioner’s Office. You can find this guidance by selecting the link below.
From an internal auditor’s or compliance perspective one of the most important changes to watch out for is accountability. The new GDPR requires your organisation to show how it complies with the principles – for example by documenting the decisions you take about a processing activity.
Perhaps it is time to double-check how your organisation is preparing for, and how it is going to deal with, the new legislation?