It has been hard to miss the introduction of the General Data Protection Regulation (“GDPR”), which had an effective date of the 25th of May 2018. However, the question is: is this the end or merely the beginning? Hannah Steggles, Director of Howes Percival, explains.
Many businesses have been targeting 25 May as the day for GDPR compliance. However, your obligations under the GDPR are ongoing. The GDPR is not intended to bring about a one-time review but rather a sea change in the attitudes of businesses towards data protection. It is something which needs to be reviewed and reflected upon regularly. So even for those who believe that as of 25 May 2018 they are GDPR compliant, this is not the end; it is merely the beginning.
But what does this mean for businesses which are not yet fully compliant with the GDPR or which are still uncertain as to what their obligations under the GDPR might be?
The first thing to note is that the GDPR cannot be ignored. The fines for non-compliance can be substantial, up to €20 million or 4% of worldwide annual turnover, and, as those who have been involved with GDPR preparations will testify, putting in place the measures necessary for compliance is not something which can be done without thought or effort.
The scope of the GDPR is wide-reaching, and it applies to all organisations that collect and handle personal information, whether that be personal information relating to employees, customers, suppliers or contacts.
For those not fully compliant on 25th of May 2018, or who have yet to start working towards compliance, you can be confident that you are not alone. Many organisations will be in a similar position. This is not a time to panic but to ensure that you have a plan for compliance.
So, no matter whether you have been working towards GDPR compliance for many months or whether this is something which has only just come to your attention, the simple truth is that this is very much the beginning and not the end.