Time marches on relentlessly and the enforcement date of 25th May 2018 for the GDPR is almost upon us.
Elizabeth Denham, Information Commissioner for the Information Commissioner’s Office, has recently reminded businesses and boardrooms that there is much to do to get ready for the GDPR, the biggest change in data protection legislation in two decades. You can see and hear her broadcast by selecting this link.
As an Internal Auditor, Compliance or Risk specialist, you will recognise that potential penalties of up to €20M or 4% of turnover for failure to comply in the worst case should focus the corporate mind on doing the right thing.
And, the right thing has to be done now. The enforcement date is May 25th 2018!
However, in audits that we’ve conducted, we’ve found a lack of progress towards completing the mandatory work that needs to be done to be compliant with the new legislation in time.
There are tons of resources available to help you understand and take action in order to be ready for the new GDPR, and a good start would be to download the 12-Step Guidance Plan, put together by the Information Commissioner’s Office. You can find this guidance by selecting the link below.
From an internal auditor’s or compliance perspective, one of the most important changes to watch out for is accountability. The new GDPR requires your organisation to show how it complies with the principles – for example, by documenting the decisions you take about a processing activity.
Perhaps it is time to double-check how your organisation is preparing for, and how it is going to deal with, the new legislation?