Preparing for the General Data Protection Regulation – Digest
The European Union’s General Data Protection Regulation (GDPR) is the biggest shake-up of global privacy law for over 20 years. Adopted in April 2016, with enforcement due from 25 May 2018, the GDPR represents the culmination of over five years of effort to modernise data protection.
This digest helps an organisation to prepare for the GDPR’s requirements. It recommends that an organisation should:
- determine the applicability of the GDPR to data processing activities
- evaluate the effectiveness of data protection controls
- assess the scope of data protection capabilities
- understand the consequences if the GDPR’s requirements are not met
- aim to comply by 25 May 2018.