It has the word ‘data’ in the regulation – this is a job for IT, right? Many IT departments, particularly in smaller organisations, found that when it came to meeting GDPR compliance, the task was dropped at their door.
Clearly data protection, including cyber security, is absolutely part of IT’s remit, but GDPR compliance cannot happen without organisational change right across the business. In fact, the majority of the work required falls outside IT’s expertise and responsibility, and it also requires ongoing checks and reviews to ensure that compliance is maintained.
So although GDPR has created an opportunity to develop a more robust way of handling and protecting data, it becomes a burden when it’s left to just one department to push this through. Ideally a business owner or Finance Director would be best placed to manage the compliance project but for smaller businesses this might not be realistic.
If you are still on your GDPR journey and are wrestling with the task of compliance across the business, ‘Fighting fit: running rings around GDPR compliance’ breaks down the considerations each department should be looking at when it comes to data protection. This guide can be shared with relevant stakeholders to help get them on board with the process and recognise what their responsibilities are, and hopefully share the burden.
Visit our GDPR page for more information about how we support businesses with GDPR compliance.