Countdown to GDPR: How well are you prepared for the new regulation?

38 days and counting.

We’re not talking about the next Bank Holiday. We’re talking about the day that the General Data Protection Regulation (GDPR) will replace the Data Protection Act 1998.

Five and a half weeks may not sound long to prepare for something this transformative but it’s not too late to make plans and map out what you need to do to be ready. To quote the Information Commissioner, ‘25th May is not the end. It’s the beginning’.

For the last 12 months we’ve been busy creating a roadmap of what we need to have in place to prepare for GDPR, and over the last six months things have been really hotting up.

Opportunity for advantage

A technical solution is not the panacea; a piece of software won’t make you compliant. It’s up to you to make sure that you know what your responsibilities are and understand what you need to have in place, such as processes and policies. And, importantly, you must be able to demonstrate that you can comply with GDPR – you must show that you’re ‘accountable’.

It’s crucial that you get buy-in from the top of your organisation and that the steps you will take are valued. Don’t see GDPR processes as a box-ticking exercise – look at them as an opportunity that could give you a competitive advantage and, at the same time, allow individuals to have more control over their data.

Your questions answered

In the remaining weeks leading up to 25th May, our compliance manager Kathy Fleming will answer some of the burning and more common GDPR questions.

“We’re an SME with just over 100 employees – do we need to do anything about GDPR? Isn’t there an exemption?”

KF: If you handle personal information, then you have responsibilities under data protection law and the introduction of the GDPR doesn’t change this. GDPR places obligations on organisations to document and maintain records of their data processing activities. However, there is a limited exemption which means that if you have fewer than 250 employees, you only need to keep limited records. Don’t forget, you may be required to make the records available to the Information Commissioner’s Office (ICO) on request!

The ICO website has produced some useful templates that you can use for this purpose.

If you have a question, email it to or post it as a comment on LinkedIn.