We are very aware that we have not published a position statement about GDPR.
The simple reason for this is that over the past year, we been working hard internally having started from a view that it’s important we get our own house in order before we start advising our clients about the new regulations. We’ve been following the conversations in various government and industry bodies so we know there has been an explosion of advice and guidance and probably too many opportunities to join webinars and attend conferences.
After some months of work and internal discussion, our view is that the GDPR are not something dramatically novel but do contain some really important new considerations. Many of the provisions are contained in existing legislation. They differ from what came before by virtue of an overriding requirement for much greater transparency and the ability to produce evidence of both policy and action in relation to the collection use and disposal of personal data. The ICO has made it quite clear that if an organisation has taken its responsibilities under the Data Protection Act 1998, then the transition to the new regulations will not be dramatic.
We have talked a lot to our technology partners over the months so that we understand what the implications are from their perspective. We’ve also had a number of discussions with clients about the implications of the new regulations for them. We now ready to expand the conversation with all our clients so that we and they are ready for the coming year.
We will be writing to all our clients in the next few weeks about the GDPR. We have a plan to deliver a workshop that will surface the main challenges that each of our clients face and that will allow both to agree on what has been implemented and what is outstanding.
Please do get in touch with us below if you’d like to talk further about this. Thank you.