GDPR. Are you ready?

Business Insights
21/06/2017

There's no getting away from it. GDPR is on the way and the country’s businesses are all having to make ready for its implementation.

Bearing in mind the seismic technical advances which have taken place since the most recent data protection legislation, way back in 1995, the European Union General Data Protection Regulation to strengthen the protection of personal data for all EU citizens is a good thing.

Ensuring full compliance to avoid heftier fines - the harmonised new rules will affect companies of all sizes, in all regions and industries whether they’re in the EU or out of it - means there’s quite a mountain to climb between now and the May 25, 2018 arrival date.

For example, there will be certain private sector organisations that will have to make ready to welcome a new member of staff - a Data Protection Officer (DPO).

The idea of having a privacy professional on the team to steer compliance issues is not a new one, but previously it was only regulated by member states. From next year a DPO will be a must for some organisations, regardless of size, if they are processing personal data in the capacity of a controller or a processor.

(A DPO can be shared between organisations that are not large enough to justify appointing their own.)

Even those who are not obliged to make such an appointment could still find themselves required to employ an experienced privacy professional.

Those firms for which processing personal data is all in a day’s work are also facing not only stricter rules, but new ones as well.

They include:

  • Extensive notice requirements.
  • Privacy by design and by default for each processing operation.
  • Breach notification to data protection authorities (DPAs).
  • Privacy Impact Assessments.
  • Stronger rights for individuals.
  • Record keeping of processing operations.

So how can you make sure that you and your business are doing what you need to do for GDPR, and that you are ready for implementation?

At the very least it’s worth visiting the website of the independent Information Commissioner’s Office (ICO) which has already made clear its commitment to helping organisations prepare, and has published a host of practical and signposting guidance on its website at www.ico.org.uk.

As part of that advice, it has, helpfully, drawn up a 12-point checklist to serve as an invaluable guide as to what needs to be done to conform to the forthcoming regulations.

1. Awareness

Don’t assume people know about the GDPR timescale - ensure those who need to know, do know the timescale for implementing the necessary changes for compliance.

2. Information you hold

Ensure you have a record of what personal data you hold, where it comes from and with whom it is shared.

3. Communicating privacy information

Review your privacy notices and plan how they have to change to be GDPR compliant.

4. Individual rights

Check processes to make sure you can fully delete a person's data if requested or provide them with their data if they ask for it.

5. Subject access requests

Will you be able to handle requests within the new timescales and provide any additional information? Time to start thinking about that.

6. Legal basis for processing personal data

Identify the legal basis of any data processing you do. It will have to be thoroughly documented.

7. Consent

Review how you gain customers’ consent for any data collection and check that your process meets the new guidelines. If not, plan how you will make the required changes.

8. Children

Do you have systems in place to verify ages and gain parental consent for any data collection on children?

9. Data breaches

Are the right procedures in place to detect and investigate a personal data breach?

10. Data protection by design and data protection impact assessments

Plan how you will pass a privacy impact assessment and put new measures in place if you fall short of the new requirement.

11. Data protection officers

See above.

12. International

If your organisation operates globally, establish which supervisory authority its different divisions fall under.

Of course, the real key is to develop a timeline that’s specific to your business. The ICO’s checklist is a great starting point, but there’s no doubt you will need to go into much greater detail to arrive at a timetable that’s right for you.

And once you’ve got everyone on board and working together, that May 25, 2018, deadline won’t seem very far away. So if you haven’t started, the time to get going is NOW.