Steve Connors, Partner and Governance Risk & Compliance lead at Haines Watts, talks about the essentials of the GDPR journey.
The ICO wants to see that the journey has started and that there are plans for delivery within an organisation.
Complying with GDPR is about managing information risk and needs to consider the trio of risks: People, Processes and Technology. These risks must be considered across all facets of an organisation. One of the major issues organisations and their auditors have had with the previous Data Protection Act was that it was primarily viewed as an IT problem to be solved with technology.
The Articles that make up the GDPR make it clear that it is a people and processes problem and that, by raising awareness, providing adequate training and developing robust processes, the requirements of the GDPR can be adequately satisfied. There will be technology solutions that help with storage, processing, retrieval, transmission and security, but their primary role is to help facilitate business operations in a secure and efficient manner, not to guarantee compliance.
While some organisations are well on the way with their compliance journeys, others think they can fly under the regulation radar. The truth is that organisations of every size – not just corporations – must be GDPR ready.
You'll see Steve Connors discussing this and chairing ARK Group's GDPR for Professional Services Firms event on 14 November 2018.