As the May 2018 deadline for all businesses and organisations to comply with the law regarding data protection fast approaches, I think many may feel overwhelmed by the legal speak and complexity around GDPR compliance.
From what I have observed, many smaller businesses feel blinded by the sheer volume of the rhetoric and mantra now being pushed from all angles, and may seek to sideline or ignore this issue in the belief that smaller businesses will duck under the radar of the ICO (Information Commissioner's Office) police.
To some extent this may be true for a while, but as the months pass, your compliance, or rather non-compliance, will be highlighted by your supply chains well before the ICO gets its hands on your organisation.
The GDPR law is specific, is not optional, and will be enforced by the ICO. They are self-funding from the fines that they will impose, and therefore aggressive audits in the market will be seen as the deadline passes.
Larger organisations are already well prepared, and have plans in place to be certified “compliant” by the deadline. What then happens is an audit of their supply chain to maintain their ongoing compliance.
The supply chain, eventually, is YOU.
Customers and suppliers alike will insist on your certified compliance in order to continue to do business with you. Remain non-compliant, and you may lose customers and clients within a short timeline. It is this pressure and requirement that will perpetuate and drive the take-up of GDPR compliance, leaving the ICO to monitor and take action where the supply chain highlights non-compliance.
If you haven’t already started, then time is running out to conduct the work needed to show compliance and satisfactory progress. An initial audit by RDS will provide the platform and gap analysis that will drive your action plans, and show you the road ahead to compliance.