The GDPR is now enforceable, and we have the new Data Protection Act 2018. All businesses, of whatever size, and whether you sell only to other businesses, consumers, or both need to be able to “demonstrate compliance” with these new provisions.
Action Points for Compliance:
• Invest time in conducting a thorough data mapping exercise.
• Consider where you are passing on data – where are the third parties and why is it being passed on?
• Consider your budget for a breach – are senior management/the board fully aware of their new responsibilities and the potential for financial penalties?
• Ensure all third parties that you deal with have a GDPR compliant contract governing the relationship/use of data.
• Is your business IT savvy enough to deal with GDPR?