MANY Organisations have not yet started to engage seriously with the GENERAL DATA PROTECTION REGULATION [GDPR].  When they do THEY MUST remember GDPR is all about data protection “by design” – this means that across THEIR WHOLE ORGANISATION businesses MUST build DATA PRIVACY RISK AND COMPLIANCE into ALL;

1. SYSTEMS,

2. PROCESSES,

3. POLICY & PROCEDURES AND

4. TRAINING

ALSO working to ensure a business is ready for May 2018 they MUST ensure ACCOUNTABILITY and ENGAGEMENT from board level down through all levels of the business.

If you have not started building your GDPR programme but are about to embark on your 12 month journey remember “speed and competitive edge” is not the priority at this time: compliance is what matters; take it seriously and do it right, getting it wrong may be expensive.