Enforcement of the GDPR Data Privacy regulations is with us now.
Elizabeth Denham, Information Commissioner for the Information Commissioner’s Office, again reminded businesses and boardrooms that all organisations processing personal data have to comply with the GDPR, the biggest change in data protection legislation in two decades. You can see and hear her broadcast by selecting this link.
As an Internal Auditor, Compliance or Risk specialist you will recognise that potential penalties of up to €20M or 4% of turnover for failure to comply in the worst case should focus the corporate mind on doing the right thing.
And, the right thing has to be done now. Not tomorrow.
There are tons of resources available to help understand the GDPR, and a good start would be to download the 12-Step Guidance Plan put together by the Information Commissioner’s Office. You can find this guidance by selecting the link below.
From an internal auditor’s or compliance perspective, two of the most important things to watch out for are oversight and accountability. The GDPR requires your organisation to show how it complies with the principles – for example by documenting the decisions you take about a processing activity.
It’s now time to double-check how your organisation has prepared for, and how it is dealing with, the new legislation.