GDPR: 12 month countdown to compliance
25 May 2017
We find ourselves less than 12 months away from the EU General Data Protection Regulation (GDPR) coming into force on 25 May 2018. This date will bring with it some of the most significant and impactful changes on retail operations, data analytics and customer lead conversion for many years. Compliance will require steps to be taken now and developed in the future.
Never has it been so true that failing to prepare is preparing to fail – but this time that failure carries a potential fine of up to 4% of your global annual turnover (or €20 million, whichever is higher). The days of data protection not being a key priority for any business in the consumer sector are truly over.
Risks cannot be addressed if they have not been identified. Many businesses have not yet factored in the compliance audit and gap analysis processes that will be required to identify areas of non-compliance and the time it will take to review and revise internal documentation, policies and procedures. These tasks are not things that can be done quickly. If these projects are not in progress, they should be started without delay.
We have developed our Countdown to Compliance roadmap to help you navigate the key stages of becoming data protection compliant.
The roadmap provides a short explanation and indicative timeframes for each compliance stage together with summaries of key GDPR concepts for quick reference during your compliance journey.
This applies to all businesses, but the consumer sector does have some particularly impactful challenges. For example, the ICO consultation on GDPR consent guidance earlier this year made it clear that it will not be possible to continue to rely on any current consents from 25 May 2018 unless they are compliant with GDPR standards. In addition, there is a toughening stance on electronic direct marketing. Recent fines issued to businesses looking to cleanse and update customer records show how difficult it can be to prepare for GDPR. Emails to customers were treated as marketing and, without clear consent records, this was considered a breach of legal requirements.
We hope that this is helpful in starting and/or developing your compliance journey. Should you have any queries or concerns about how best to approach these issues, please do not hesitate to get in touch.