The journey to GDPR compliance

With GDPR now in full effect, European residents are finally in a more privacy-friendly world. Organisations invested weeks and months getting to their interim privacy maturity states in the time leading up to the May 25th deadline. They largely prioritised efforts around areas such as data processing inventory, privacy notices, consents, DPO appointment, contracts addendums, rights request workflows, and basic training and awareness.

However, the work is far from over. Business must lay out a clear plan to progress from their current privacy level to the desired compliance level, a task requiring immediate attention. They must also plan to implement forward looking solutions allowing for sustained compliance as new data and processing activities come into the regulated perimeter.

This guide focuses on the next steps businesses can take to ensure compliance and good data practices in the long run across three main areas.