If there is any one question that businesses are asking themselves at the start of 2018, it is this: do I still have time to achieve GDPR compliance? If you still haven't started, don't worry; you should be aware that 81% of businesses will not have achieved GDPR compliance by May 2018.
Nevertheless, that doesn't mean that you should wait until the last minute. The earlier you start, the better it will be. In the unlikely event that you are investigated in June, the important thing is to be able to demonstrate that you have started taking steps. Let's therefore work together to determine the schedule for the first few phases of achieving compliance.
GDPR Compliance Schedule: Initial Audit 0-3 Months
In the first instance, get in touch with an IT service provider. This provider will support you throughout the process of achieving compliance.
Then, put together your project team: Data Processor, DPO, operations manager, etc. To learn more, don't hesitate to read our article entitled "Roles under GDPR: to whom should they be assigned?"
Then, send the entire team on a training course (if you've selected your service provider correctly, this should be offered as a matter of course). Allow two days to be properly prepared
and to gain an insight into all GDPR-related challenges.
Finally, working in partnership with your IT service provider, think about auditing your first system. ERP, CRM, e-mail: work together to determine which is most relevant.
In parallel with this activity, anticipate the actions to be taken with your service provider, raise awareness with all your employees, and issue communications on the process to your customers, etc.