Firstly let’s get the terminology sorted:
• GDPR = General Data Protection Regulation
• ICO = Information Commissioner’s Office
As you may already be aware, the GDPR will come into effect on 25th May 2018. The fundamental change from existing data protection is that it will be implemented into law and as such will give the ICO additional legal powers in respect to enforcing against non-compliance with data protection law.
There are a lot of rumours/companies creating a lot of panic within the business community, stating that large penalties will be incurred if you have not got anything in place. Whilst it is the case that the ICO will have additional powers, it is unlikely that businesses that have taken serious steps towards compliance should be overly worried. If for any reason the ICO has cause to audit your business, this will be carried out in a reasonable and fair manner – see the below quote from official ICO News Blog:
“We pride ourselves on being a fair and proportionate regulator and this will continue under the GDPR. Those who self-report, who engage with us to resolve issues and who can demonstrate effective accountability arrangements can expect this to be taken into account when we consider any regulatory action. That means being able to show you have been thinking about the essential elements and who is responsible for what within the business.”
We now have our own set of GDPR-compliant website documentation that can be on our website and we have also implemented comprehensive cookie control tools which further demonstrate our commitment to GDPR compliance.
If you would like further information about GDPR or would like to call/meet to discuss the options available to you, please do not hesitate to contact us and we will be very happy to help.