As I prepare to go on the radio tomorrow, to discuss GDPR with a panel of other ‘experts’, I have been considering my experience so far.
Views on it seem to vary widely from a complete ignorance about it to the attitude that it’s just another Y2K, to complete panic. Whilst no one really knows what’s going to happen when, on 25 May, the ICO starts to regulate and penalise companies who are in breach of the rules, it does seem dangerous to do nothing.
My previous blog covers the advantages to you, the individual, and this alone could mean the ICO will experience a number of whistleblowing situations from individuals who feel they’ve had their rights breached. Having recently recruited a further 200 people, the ICO will almost certainly be ready to investigate these situations.
On Monday I posted an article published by www.smallbusiness.co.uk (https://www.linkedin.com/company/simplyoperations/) suggesting that a high percentage of people are likely to exercise their right to be forgotten as they’re concerned about the safety of their personal data. 
Another thing that struck me is how people seem to be stuck on getting ‘consent’ to hold data as if it’s the only ‘lawful’ reason for holding it. Of course, for most people that will be the best reason to hold it, and is certainly preferential if practical. But, it shouldn’t be forgotten that there are a total of six reasons for holding data so, before you get into a huge campaign to obtain consent, consider whether it is necessary.
For most companies, they already have measures in place to be compliant with the original Data Protection Act and their main aim will be to tighten the practices they already use. For others, it might take a bit more thought. Either way, getting someone, like me, to go through everything with you, will make everything clear, get it recorded in a policy and help you to be compliant before the May deadline.