In time and risk it’s exactly the same as not wearing a seatbelt
A subject request could come in at any time following the introduction of the GDPR and from any direction.
An employee could ask for a copy of all the personal data you hold on them – and remember this could include all images you have of them as well as documents and records.
A former customer could ask you to delete all personal data you have collected on them.
A supplier could ask you to correct the misspelling of their name.
Would you be able to confidently deal with and respond to the request within the 30-day period required by the GDPR?
A data breach can be as simple as emailing the wrong person, leaving a document on the train or losing a phone, or more complex, like falling for a phishing email or being subject to hacking.
With only 72 hours to report a serious breach to the regulator, the Information Commissioner's Office (ICO), one person and one person only is in control.
All it takes is for one disgruntled former employee or customer or even a neighbour or competitor to raise questions about your compliance and complain to the regulator.
It doesn’t take five minutes for anyone to check whether you have a GDPR-compliant privacy notice on your website or whether you have paid your data controller fee to the ICO.
But even if you have those outward-facing steps in place, would your approach to GDPR compliance withstand a probe by the regulator?
Could your business survive the financial and reputational impacts of a data breach or compliance failure?
Maltix Partners have a simple, proven solution, and we are internally trained to implement it.
It’s NOT expensive
And it’s https:// from start to finish.
And it’s contactless.
And you are 100% in control