Preparing for the General Data Protection Regulation (GDPR)

The GDPR will come into force on 25th May 2018. This short guide will walk you through how to prepare.

It is essential to start planning your approach to GDPR compliance as early as you can to stay ahead of the inevitable changes. You may need, for example, to put new processes in place to deal with the GDPR’s new rules, which could have implications for your budgets, systems, and teams. Based on our experience, the broad challenges are often the same, so we have developed this quick 3-phase guide to help you through.

  1. Prepare: Start increasing awareness now of the main differences between the current law and the GDPR across your business by tapping into and sharing the support resources out there. The Information Commissioner’s Office is producing regular helpful guides to what you need to do. Your current compliance approach will be a good foundation; however, there are a number of changes, so you are likely to have to do some things differently. You will start to develop an assessment of the GDPR’s applicability and likely impact. We recommend you take legal advice at this phase.
  2. Implement: Once you’ve established what you’re going to have to do, you’ll need to make sure you have the budget, people and skills to effectively deliver the necessary changes. This can be difficult when you have other priorities which need to happen within your business; however, it is essential in order to be compliant. You’ll need to do a detailed gap analysis to identify the exact changes you’ll need to make, and then use these to create an action plan which you’ll then follow.
  3. Review: At the end of the implementation you’ll need to validate that the changes you have made meet the regulatory requirements of the GDPR. This may involve independent assurance testing and steps to transfer activities over to business-as-usual. You’ll also need to check your policies have been updated correctly and that your team have been trained so that they fully understand how they contribute to compliance with the new regulations.

To maximise your chances of success, we also recommend:

  • Introducing robust regulatory monitoring processes to help identify future changes so you can respond rapidly and appropriately.
  • Clearly communicating throughout so your team have a good understanding of expectations from 25th May 2018.
  • Setting up consistent processes with defined roles and responsibilities to simplify future audits, increase employee engagement and reduce unnecessary duplication of effort.

Good luck and let us know what your questions are about the GDPR.
