Matt Brown, partner and head of commercial (Liverpool) at independent legal practice Brabners, said: “It’s fair to say that most businesses are at least on their way to GDPR compliance. The volume of requests for advice we’ve received, and the similar inundation we hear about from other law firms, certainly suggests so. But while it’s clearly on the agenda for many, at this stage this is all.
“The ICO has been at pains to acknowledge that it is unrealistic to expect everyone to be 100 per cent compliant on day one. Instead, what they will want to see is that businesses have taken the right steps forward. When it comes to dishing out fines, we’re likely to see a small number of strategic, high-profile cases that are designed to keep GDPR in the spotlight – at least to start with.
“Recent cases from the ICO have focused on the indiscriminate use of data, such as mass-marketing tactics like cold calling. This will continue, but now it will have the full force of GDPR behind it.
“We may see the ICO seek to remind businesses of the annual fees that everyone will have to pay. The default category is £2900 but this drops dramatically to £60 or £40 for medium and small businesses. Another priority should be communicating to the regulator which category your business falls into.
“If you’re a businesses that hasn’t started to prepare, or is significantly behind, for GDPR then the key is not to panic. It’s too late to. Start the process of identifying what data you hold, how it is used and whether you have a legal right to process it now. That way, if the ICO comes knocking, you will be able to demonstrate you are attempting to get your ducks in a row.”