The 25 May 2018 deadline to comply with the General Data Protection Regulation (GDPR) is rapidly approaching. Yet a staggering 41% of UK organisations are still unaware of the implications that the GDPR will have on their business, according to research from electronics company, Kyocera. What’s more, only 36% of UK organisations have started GDPR implementation, according to technology compliance company, TrustArc.
Such ignorance could be catastrophic, as 73% of UK organisations do not know that GDPR fines for non-compliance can top out at €20 million, or 4% of global turnover, whichever is higher, according to software company, Trend Micro.
To help you comply with the GDPR, implement the following practices:
- Complete the official GDPR self-assessment from the Information Commissioner’s Office (ICO).
- Review the ICO’s 12 recommended steps that you should take right now to have a more complete understanding of what your organisation needs to accomplish.
- Prioritise cyber security at the highest level of your organisation by building cyber governance into your organisational structure. Emphasise that cyber security and GDPR compliance are the entire organisation’s concern, from the board members all the way down to the interns.
- Review your organisation’s process for collecting clients’ consent. Whatever your process may be, it must provide an active opt-in. Additionally, keep well-organised records that clearly outline what individuals have consented to, what they were told, and when and how they consented.
- Purchase a comprehensive cyber insurance policy, which can cover management liability, reputational damage and privacy breach costs.
For more information about what your organisation can do to become GDPR compliant, please contact your local GS Group branch today.