Recent months have witnessed a very noticeable increase in organisations commencing work on their preparations for the General Data Protection Regulation (‘GDPR’). A common theme is emerging: where to start?
Reading 173 Recitals and 99 Articles is challenging enough — before you have even started the real work of digesting the text, contextualising it, developing a coherent implementation plan and getting buy-in across the organisation. Many organisations are understandably tempted to bury their heads in the sand and hope for some sort of consensus approach to emerge (if you are in this camp, sorry — this will never happen). Meanwhile, a community of Data Protection and Compliance Officers are panicking at the scale of work before them. If you are in this latter camp, maybe the approach laid out below can help you.
While the advice below cannot promise that the GDPR will not cause you indigestion, the steps outlined might at least help you to consume the GDPR meal in five chunks, which will assist you in structuring the next 14 months as we head towards D-Day on 25th May 2018. Bear in mind that the steps are not sequential and should run in parallel. So while step 1 below would be a good ‘starter’, don’t feel you can’t move to the next course if you haven’t finished it. Also, don’t be surprised if you need to access additional resources to complete the steps.
This article was first published by PDP Journals and should not be re-published on any other website or publication.