Preparing for the GDPR is an item on most businesses’ agendas by now. Inundated with marketing emails and written content from various providers, businesses are being offered help with systems compliance on a daily basis. With the wealth of information available, it can be difficult to scale the task ahead and decide whether your business needs a full compliance audit or a more moderated approach.


  • Get somebody on your board to take charge of GDPR compliance. It will make those budget conversations much easier. Business unit heads need to be accountable too.
  • Once the>Privacy Shields. Model Contracts. Binding Corporate Rules. These terms may all sound equally foreign and impenetrable. For now, it is likely that model contracts will be the simplest way of ensuring compliance with overseas transfers outside the EEA (although now it has been approved, you can also use Privacy Shield for transfers to the US).
  • Talk to the people in your IT team and not just the director in the team. Do you have a suite of policies (some of which may have accompanied staff from their previous workplace) or do you have a single page in your staff handbook? They should be compared to publicly available ICO guidance on common security errors businesses make. Find out what happens in practice in your business. There is more obvious stuff in there such as encrypting laptops but also more esoteric advice on SSL technology and hashing and salting of>
  • Draw up a>
  • Get a wall calendar with project milestones on it.
  • Finally, you might start looking into software solutions that assist with documentation. Half the GDPR battle is logging compliance!


For further information please contact:

This article is for general information purposes only and does not constitute legal or professional advice. It should not be used as a substitute for legal advice relating to your particular circumstances. Please note that the law may have changed since the date of this article.