It’s been nearly two years since the General Data Protection Regulation (GDPR) came into force on 25 May 2018. What has evolved during this time as best practice for firms and what pitfalls should they be avoiding?
There is also the matter of how you should be working with your policies and procedures (which you may have drawn up fresh in May 2018 but have been residing in the bottom of drawers ever since).
First, it is clear that the GDPR is not just a tick box exercise – that once the job of ‘GDPR fying’ your practice has been completed, you can stop thinking about GDPR compliance.
The UK’s Information Commissioner Elizabeth Denham stated that the legislation “creates an onus on com...