The 25th of May has come and gone – but this shouldn’t mean that not-for-profit organisations are putting their GDPR preparations on pause, or that they’ve missed the boat if they weren’t ready in time.
In reality, tighter data protection regulations mean that it is more important than ever to ensure that GDPR compliance arrangements are maintained. Organisations which fail to comply closely with new regulations face substantial fines.
Particularly at risk are small organisations, which may fall into the trap of thinking that they are immune to the consequences of GDPR breaches. Market analysis suggests that the majority of small charities are currently not GDPR compliant to an acceptable level, and many of these organisations have taken no steps at all to prepare themselves. However, smaller organisations are not an exception, and may still be faced with large fines from the Information Commissioner’s Office (ICO) if they are found to have significant deficiencies in their GDPR preparations.
But now that the May deadline has passed and the new data protection regulation has come into force, is it too late to begin preparing your organisation for the GDPR? I cannot stress enough that it is not, and I urge organisations that have not thought carefully about their GDPR preparations to put a plan in place now.
I would strongly recommend that organisations commission someone to review their GDPR preparations – even those that believe their preparations are completed. This independent individual can endorse any existing preparations, and provide a gap analysis to ensure that GDPR compliance can be maintained across the organisation.
Finally, it is also worth considering the appointment of a Data Protection Officer (DPO). Outsourcing this function is likely to be the best option, because you will get an experienced specialist, and will avoid any conflict of interest.
Mike Griffin is a member consultant with Eastside Primetimers and an experienced data protection specialist. If you need help or additional advice on how to get your organisation GDPR compliant, please call now on 0207 250 8334 or email email@example.com.