The Advent Countdown-to GDPR!

The Advent Countdown-to GDPR!

For many, at this time of year, the word ‘countdown’ conjures up the excitement of ticking off the days’ towards Christmas.  For businesses however, the real countdown is from November 25th ; not just one month from Christmas Day, but also 6 months to GDPR.

Many businesses are already on their GDPR journey with preparations well under control. If you are not presently in this privileged position, don’t panic.  Much can still be achieved in the remaining 6 months provided you give GDPR the appropriate air time it requires.

The lead in time for GDPR now dates back 18 months. With such a horizon many businesses have relegated, and firmly anchored, their GDPR preparations in the ‘to do’ pile investing their time and energy in other, ‘more pressing’, matters.  Now however, that once distant horizon is within imminent touching distance.

Regardless of where you are in your preparations, GDPR is a challenge, nee daunting, for most.  There’s information to gather and digest, there’s implications to consider and interpret and last, but no means least, solutions to plan and implement.

Time consuming and costly red tape?  Not necessarily.  As in a previous IASME Blog by GDPR Practitioner, Peter Loomes, the Regulation can also provide you with a huge opportunity which can ultimately save you time, money and valuable resource.

So, regardless of where your business currently is on this GDPR ride, it is useful to conduct a gap analysis of where your business currently stands against the time that remains. Next, consider the skills and resource you will need to ensure your business is ready for 25 May 2018.

If you need to bring in expertise or additional resource, do conduct due diligence on that ‘expertise’.  Unfortunately, GDPR also represents an opportunity for the GDPR charlatans to potentially make money! Taking a little time to check out the credentials of a GDPR expert, could save you much more time – and money – in the longer term!

If you need to bring in expertise, it is probably advisable to source that knowledge sooner rather than later.  As the deadline looms, the consultancy cost may well rise too! Do remember that, before you decide you need to bring in expertise, there are good tools and guidance available via the Information Commissioner’s Website.  They also operate a helpline for micro & SMEs.  If you doubt any of the advice you are being given via alternative sources, the ICO is the authoritive voice for the UK.

There are already a variety of solutions offering to make it easy for you to achieve GDPR ‘compliance’.  As there are still a number of grey areas yet to be clarified, do be cautious of anyone or anything that is currently promising you full ‘compliance’.   The Data Protection Bill, covered in our last Blog, is still going through Parliament.  In that regard, decisions are still being made in a number of areas including derogations which may be applicable to the UK.  Let’s also not forget that it may take future Case Law to clarify some aspects of the Regulation.

In summary, your countdown to GDPR may want to cover the following:

  • Establish where your business is on its GDPR journey and allocate the appropriate and proportionate amount of time and resource required to ensure your business is ready for the May 2018 enforcement date.


  • Keep a track of the ICO website. Regardless of where you are on this journey, the ICO website has good practical input, advice and guidance for all businesses. It also has a dedicated helpline for SMEs. With Regulation updates still coming through between now and May, the ICO ‘what’s new’ is a must to ensure you have the very latest authorative updates and can assess how these may affect your business.


  • Need to procure additional resource/ skills? Conduct due diligence on your chosen provider/ solution.  Be wary of those promising ‘compliance’ whilst unknowns remain.


  • Ensure your planning takes you beyond 25 May2018. This is the enforcement date and not the date your hard work and investment stops. You still have duties and responsibilities beyond this date.


  • Remember, GDPR may be challenging yet it provides your business with opportunities to review data, process and procedures. Also remember that you will be expecting other businesses who hold your data to hold it and transfer it securely; it’s only fair other people expect the same of your business.


Over the last year, there has been much publicity surrounding GDPR.  It has outlined the importance of the Regulation, the implications and stressed the urgency of preparing your business.  With six months to go, it really is time to progress your GDPR plan regardless of where your business is currently situated on that road to GDPR.