Industry has been waiting to see whether GDPR would go the way of other legislation and regulation: that is, it came into force but was not constantly and persistently enforced, so too many organisations did not proactively develop the processes and procedures they should have. A case in point is the Data Protection Act of 1998. If organisations had been 100% compliant with those regulations, it would have been but a small step to reach the standards sought by GDPR and the Data Protection Act of 2018. GDPR gap analysis of organisations across the commercial, charity, retail and sporting sectors has shown that many have given only lip service to maintaining compliance with DPA 1998.
As with most new requirements, whether legislation, regulation or technology, there are early adopters, second-wave adopters and followers. GDPR is no different. Many SME owners have told my industry colleagues that they don't believe GDPR applies to them, or that they will wait until they hear about fines and penalties being applied to others before acting themselves. These same business owners and senior managers need to heed the fact that the bigger organisations are now being penalised for falling short, and it is only a matter of time before smaller organisations such as theirs feel the pain.
See the latest fine for Google: https://www.theregister.co.uk/2019/01/21/google_50m_cnil_gdpr/
If you have not started yet, it is not too late to develop a GDPR action plan based on sound principles now. If you are challenged by a possible or actual breach, having made a start on your prioritised action plan is going to reduce business disruption and distraction from your core reason for being.
Take action now: Cybata offer a free-of-cost, 1-hour discovery meeting to help business owners understand the scope of the regulation, their responsibilities and what next steps need to be taken.