With the General Data Protection Regulation (GDPR) coming into effect next May, it is vital that organisations take action to ensure they are ready to comply. It will be a challenge to be fully compliant by then, but taking care of the risky areas first will serve the most purpose. Begin by assembling a project team that identifies key stakeholders and a board or senior management buy-in to support the project. Conduct an initial risk assessment to better understand how the business currently collects, uses and shares personal data, and how these steps are regulated. Finally, establish a GDPR compliance action plan that includes prioritising activity and remedial measures; creates a data register; and provides training.
