GDPR Awareness: are you ready?

GDPR Awareness: are you ready?

The 2nd instalment of TRU’s exclusive GDPR blogs.

The General Data Protection Regulation (GDPR) passed by the EU in May 2016 takes individual member states’ Data Protection laws and combines them into a new regulation that has scope throughout the EU. When the GDPR was passed a two-year period prior to succession into member state law was granted to allow individual member states the opportunity to prepare for the most comprehensive change to data protection legislation for 20 years.

A Regulation, unlike a Directive, passes into member states’ statute law without the right to derogation or delay. GDPR will become law in every EU member state on 25th May 2018.

Fundamentally, this means that in the UK the current Data Protection Act (DPA) will be replaced by the GDPR. The DPA is a great starting point as any organisation that is fully compliant with the DPA will find that much of their current approach will remain under the GDPR. However, the requirements of the GDPR are more wide-reaching than those of the DPA.  The GDPR takes an already comprehensive Act and enhances it, and adds new areas for consideration.

An organisation that meets the criteria to register with the Information Commissioner’s Office (ICO) under the existing DPA will continue to meet the requirements for registration under the GDPR.

In the light of the above, now is the time to start raising awareness of the requirements of the GDPR amongst key personnel within your organisation. Are the board of directors discussing the requirements of the GDPR? Are the directors, senior managers, key IT and HR departments confident that the organisation is GDPR ready? An organisation should ask “are we confident that we know exactly what data we hold?” Aligned to this the next question should be “are we clear on where that data is held?”

Should the answer to the above questions be “no”, the logical starting point would to be analyse the current risk register, if one exists.  Without a risk register it will be almost impossible to address all of the criteria needed to ensure full GDPR compliance. To be fully compliant by the absolute deadline of 25th May 2018, consideration should be given to resource allocation – both financial and in terms of personnel. Although not onerous in complexity the work required is exceptionally time consuming and even a small delay in preparation could lead to the organisation not being compliant in time.

The impact of non-compliance should not be underestimated. Maximum fines for data breaches under the GDPR are £20m or 4% of gross global turnover, whichever is the greater. In many cases this would spell extinction for the organisation.

In the next blog in this series we will look at the next step in the journey to GDPR compliance – assessing what data is held.

Related Products

TRU Cloud

The right place in the cloud to run your Transportation Optimisation.

TMS made easy: the transportation management system combining cloud, mobile and social technologies for complete TMS capabilities.

TRU Cloud Brings Same-Day, Rapid-Deployment Transportation and Logistics Management.

View Product

TRU Connect

Integration is the key to clean seamless data movement between business systems.

In the past Transportation Platforms have often been implemented via a cumbersome combination of text file and manual operational processes, or complex inflexible API’s that can be expensive to build and maintain.

View Product

TRU Platform

Our innovative transport management system "TRU Platform" is designed to help companies plan, manage transport operations that drive business growth and service.

Optimise delivery schedules and track orders through to final delivery and Invoicing. TRU Platform also is a business analytics tool that transforms transportation data into meaningful views of order/fleet performance.

View Product

More from News