With many businesses focussing on the implications of Brexit and the uncertainty surrounding it, preparing for the GDPR is falling somewhat under the radar and many businesses are unlikely to be prepared for its introduction.
The first step in preparing is to understand the formal and informal obligations that the GDPR places upon organisations affected by the new legislation.
Organisations that deal with large amounts of sensitive data may be obliged to appoint a Data Protection Officer (DPO). The role of the DPO is to ensure that all staff within the organisation are aware of the GDPR and are operating well within the requirements of the legislation.
Further, organisations must appropriately respond to the broadened rights of individuals. Individuals can now access the information companies hold on them, and ask for this to be deleted. Therefore, companies must implement processes and frameworks that are unique to them and their operations to ensure they can meet these obligations.
Finally, if at any point after the GDPR is introduced there is a data security breach, companies have to contact the relevant local authorities and ALL individuals whose data is affected by the breach. This being so, individuals within the firm who are involved with data handling must be well aware of whom to contact, and how, in the event of such a breach.