This is the start of how things will be moving forward and we should all welcome that. Embrace it as an opportunity to prove to your customers and staff that you take care of the data they entrust to you.
You don’t own their data at the end of the day, it belongs to them.In fact, a lot of what GDPR requires are laws you should already be following under the 1998 Data Protection Act (DPA) and Privacy and Electronic Communication Regulation from 2003 (PECR).
So draw a line in the sand, evolve your culture and update your working practices.Assess your situation, get help where you need it, and train yourself and your staff.
You need to evidence of how you operate and how you train your staff, so document your processes as the ICO may need to see this.GDPR is about accountability and transparency. Knowing where to turn if you need help and knowing what type of help to ask for is quite a confusing area, which is why we assembled a group of specialist partners and put on the GDPRexpress events - so that organisations of all shapes and sizes can get the help they need no matter how large or small.