The clock is ticking louder every day. The EU General Data Protection Regulation (GDPR) rules will become compulsory from 25 May 2018. Organisations, businesses and institutions will need to take action to implement effective compliance measures. Key activities will include end-to-end process reviews, adjustment or amendment of relevant controls and re-alignment of risk profiles. Everyone concerned also needs to take into account the tough penalties that come with a breach of this legislation. Who are the key actors? And what do they need to know?
Decision-makers and others in responsible roles must get involved. They need to understand quickly that the law is changing to the GDPR and that the timescales are tight. They need to appreciate the impact the new Regulation will have. Finally, they need to identify the areas within their business operation that could cause compliance problems. The tasks ahead are not trivial. Ensuring compliance could have significant resource implications, especially for larger and more complex organisations. All those concerned must keep the urgency of the situation front of mind. We have only 24 months as a lead-in period for raising awareness and implementing required changes. Compliance will be challenging, even for organisations starting to prepare now. For those who delay until the last minute, time – and regulatory tolerance – will undoubtedly run out.