There is no shortage of information about the GDPR out there, from the six core principles to data subjects rights to the lawful basis for processing, there is a dizzy number of changes an organisation may need to implement.
Now that the General Data Protection Regulation (GDPR) is live and enforced, the focus has shifted from how to comply with how to maintain the controls and processes which have been implemented. While this may just seem like a continuation of what has been achieved already, it is in actual fact a moment to improve. Those processes and changes which were rushed or not properly embedded into day-to-day operations will now need to be cultivated amongst staff for the long haul.
Is the board listening? We all know that GDPR will be enforced from 25th May 2018, but is your board aware of their new privacy obligations? While there is substantial GDPR coverage in the technical press, has the message got through to senior management? Are their preparations adequate?