We have reached the final step in our series on managing a GDPR project.
We have looked at:
- Step 1 – Setting the plan,
- Step 2 – Understanding where you are,
- Step 3 – Understanding what needs to be done,
- Step 4 – Take action & get started.
GDPR came into force in May 2018, but it is only the starting point.
How you process personal data will keep changing
This will require new assessments and your staff will need continuous training. You’ll need internal controls to ensure that your practices are in line with appropriate standards.
Make sure you have tools and routines that allow you to ensure control and compliance.
GDPR is not only about compliance
The focus right now is, of course, to get compliant. The first step is to set the right culture.
The GDPR will one day be replaced by a new regulatory framework.
Just like the GDPR was deemed necessary to keep up with the demands of today, stricter rules will be required in the future as the landscape of business evolves.
The problem with legislation is that it takes time to create and implement. This means it will need to be updated again.
Legislators do their best to write laws that work for some time and are technology-neutral, but the future is difficult to predict.
The best long-term strategy is not only to comply with the GDPR. It is to strive to improve your practices in line with the development of industry practices and the public's expectations, even if that requires a higher standard than the GDPR does.
This way, you will stand prepared for the next wave of regulations.