On the 25th May 2018, GDPR became enforceable. It’s been an interesting year. From what you can see around you and the way companies are behaving, some are still not aware of their GDPR obligations (let’s put it that way). So far none of the big fines that everyone has been worried about have come to fruition. The different supervisory bodies across the EU are making their interpretations of the legislation known. Things are starting to settle down, organisations understand what is required of them, (though whether they are acting on it, sometimes is not apparent).
I think the biggest struggle organisations have had over the last year, is getting their heads around, it’s not a tick in the box, it is an ongoing project. Yes, much of it is routine and once embedded into processes, works well. But no organisation stands still, change is a natural part of running a business and when we make changes we may need to reflect on how we use data within our business. This means being proactive. Thinking ahead. Planning. Most things are possible with someones information, providing organisations are transparent about how they intend to use it and have a legal basis in place. Forward thinking is essential.
If you have not been forward thinking and GDPR is still on your to-do list, start with some easy actions like understanding where your data comes from and how you are using it.