As we approach the final six months before GDPR is finally with us, there is still time for businesses to get ready. If you haven't given serious consideration to how GDPR will affect your business, now is the time to do so.
The starting point for any business needs to be a personal data audit: assessing what personal data you have and what you use it for and then checking if that use, and the way the data was obtained, meets the higher compliance standards of GDPR. In many cases the justifications currently relied on will not be enough, particularly in relation to using consent.
Getting consent is not going to be the panacea it has sometimes been seen as in the past. Relying on consent brings additional rights in favour of the individual, and consent in any event needs to be unbundled and freely given. Broad brush consents incorporated into terms and conditions will be particularly vulnerable.
One of the key changes under GDPR is the accountability principle which means that data controllers need to be able to demonstrate the technical and organisational measures which they have implemented to prove compliance. It will no longer beenough to hope you have it right.
In the coming weeks and months we will be blogging regularly on the latest GDPR developments and offering advice on how to deal with the main challenges which GDPR brings. In the meantime a summary of the key changes under GDPR can be found here.