If you're not, you are not alone with less than half the companies in a recent survey having begun any activities. However, you can't just ignore it and hope the issue will go away.
GDPR is being introduced in the UK in May 2018 and with significant penalties for non compliance and requirements to overhaul and control both systems and data, the time for action is now.
The legislation itself is broad and detailed but it can be distilled down into some key concepts of consent; technical and organisational measures; and compliance. One of the most important aspects will be the requirement to not only be compliant but to be able to demonstrate it.
You must begin assessing the adequacy of your underlying systems and processes to ensure that you have time to meet the coming deadlines.
For many businesses, GDPR demands a total restructure of how they handle, process and think about data – and what constitutes best practice. It’s impossible to cover the minutiae of GDPR, but there are four concepts UK businesses need to get to grips with prior to implementation.