Enforcement of the GDPR data privacy regulations is upon us now.

As an Internal Auditor, Compliance or Risk specialist you will recognise that, with potential penalties of up to €20M or 4% of annual turnover (whichever is higher) for failure to comply in the worst case, this should focus the corporate mind on doing the right thing.

And, the right thing has to be done today. Not tomorrow.

There are tons of resources available to help you understand the GDPR, and a good start would be to download the 12-step guidance plan put together by the Information Commissioner’s Office. You can find this guidance by selecting the link below.

From an internal auditor’s or compliance perspective, two of the most important things to watch out for are oversight and accountability. The GDPR requires your organisation to be able to show how it complies with the principles – for example by documenting the decisions you take about each processing activity and the reasons behind them.

It’s now time to double-check how your organisation has prepared for, and how it is dealing with, the new legislation.

Otherwise it will be too late and your organisation could follow in the footsteps of those corporations now facing huge fines and appearing uncomfortably in the news.