It has been over two years since the General Data Protection Regulation (GDPR) came into force for EU countries, and the UK put it on the domestic statute book with the Data Protection Act 2018. At the time of implementation GDPR was a high-profile topic and organisations across the country were frantically reviewing and changing processes to ensure compliance with the new Act. Two years on it seems that some organisations have side-lined Data Protection as a priority which creates the risk of a Data Protection Act breach and potential fines from the ICO.

Since March 2020, businesses have had to change the way that they work and, while technology has facilitated many of these changes, it is important not to lose sight of obligations in regard to data protection policies and procedures.

Part 1 can be found at: GDPR - A guide for Business (Part 1)

Part 2 can be found at: GDPR - A guide for Business (Part 2).