By JP Buckley

The 25 May 2018, when GDPR, and the associated UK Data Protection Act 2018, came into force was a landmark date for data privacy, but fast forward nearly six months, what should you be doing now?

A plan is critical

Doubtless you will have all seen project plans setting out all the things your organisation needs to do to be ‘GDPR compliant’. That compliance is however not a single, set, marker – but rather an evolving landscape where what is required for compliance changes, based on your activities, operations and your people. We often get asked ‘what do we need to do to be GDPR compliant?’ The core parts of the answer are self-evident from the requirements in the GDPR itself and related guidance, and then making those operational. This article focuses on planning and delivering that ongoing change, as well as raising awareness.