At this stage most businesses are aware of the premise of the GDPR and some of the steps that they should be taking. However, many businesses are still unaware of key issues that businesses will have to address to maintain compliance and the clear steps that they need to take to achieve this.

The General Data Protection Regulation (GDPR) is an EU regulation which attempts to strengthen and unify data protection for all individuals and addresses the export of personal data. It comes into force May 2018 and will be unaffected by Britain’s EU status as the Government has pledged uphold the key points. Furthermore, many British businesses deal with data from EU citizens outside of Britain so will have to address the GDPR anyway.

Now that the GDPR is only months away it is now crucial for businesses of all sizes to understand the key clauses in detail.

1. The GDPR is not just a legal or IT issue

The GDPR affects all parts of the business that store personal data of employees or customers. So plainly, it affects almost all sections of the business. Because of this the GDPR can be considered as a Business Process issue that needs to be considered business-wide.

2. GDPR compliance will not happen overnight

Due to the misconception about GDPR being a legal and IT issue, many businesses are underestimating how long it will take to be ready for May 2018. The GDPR requires consideration of all data stored by the company and what steps you will take to show a proactive approach to securing this data.

3. The GDPR WILL be enforced

The Information Commissioner’s Office (ICO) are in the process of hiring over 300 new members of staff for the launch of the GDPR. Although there will probably be a small window of time where ICO will waiver some infringements, especially for smaller companies, this shows how serious the ICO are about catching businesses data infringements.

4. Failure to comply will be a huge impact on your business

By now most people assigned to deal with the GDPR within a business are aware of the substantial fines that the GDPR bring: up to €20 million or 4% of your annual turnover, whichever is higher. However, the GDPR also possesses a serious reputation threat to businesses. As seen by the widespread coverage of recent data breaches such as Talk Talk and the NHS.

5. You may need to appoint a Data-Protection-Officer

The Data Protection officers are appointed from within your company and are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. DPOs are required when the business process requires the “regular and systematic monitoring of data subjects on a large scale’ or when a company conducts large-scale processing of ‘special categories of personal data’ such as medical records or religious beliefs.