I’ve been trying to wrap my brain around GDPR for a while now and have four major concerns:
1. The documentation is complex and incomplete. How can you build systems and processes based on incomplete documentation?
2. A lack of guidance from ICO. Help and support from ICO is woefully inadequate. Most companies are blissfully unaware of the change and the potential impact on their business.
3. The enforcement approach of ICO. Anyone can read the recent enforcement notices. If this doesn’t scare you then the last one will.
4. ICO have allegedly employed 200 inspectors. These are not advisers to help companies interpret the documentation; they are enforcement officers. Take a look at the ICO website. Their roles are investigation, enforcement, and prosecution.
If that doesn’t scare you then nothing will.
The best plan? Start your GDPR planning and implementation now. Document everything – show that you have made efforts to apply the regulations. Don’t wait.
Don’t risk a huge fine.
Good luck all.