GDPR is a fact now. It arrived and it is here to stay. Have we done all we should, or are we managing risk? Are we clear on what it entails to be compliant, or are we thinking that if we replace the words "DPA 98" with "GDPR" in the Privacy Policy on our website we are done?
I have been a certified GDPR practitioner since last year, but I came upon GDPR by accident and not because I was made aware as a business owner. I talk to people all the time and I have observed a spectrum of feelings: frustration at the lack of clear information, angst, indifference, blissful ignorance. But most of all, businesses that want to be compliant still can't find enough information on what it entails to become compliant. I know the ICO is doing as much as it can to help by publishing information on their website - it has done for a while. But you must be aware of what you need before you need it, and we were not. We had since May 2016 to get ready; it took Cambridge Analytica's mishandling of personal data for some of us to become aware of our rights.
Article originally published on 11 June 2018