Data – the core of GDPR
Data is one of your primary concerns. The legal and operational requirements that GDPR places on companies are wide-ranging and impact everything from the people employed by the organisation, through to policies, processes and technology. GDPR is clear that individuals have a series of rights when it comes to how their data is collected, stored, used and disposed of by organisations.
Elizabeth Denham, UK Information Commissioner said in her April 2019 speech,
“[GDPR] formalises the move of our profession away from box ticking or even records of processing, and instead seeing data protection as something that is part of the cultural and business fabric of an organisation.”
This means you must make sure you can operationalise the implementation of policies and establish they are being followed by employees in an automated way to be able to comply.