Having worked with a range of clients on GDPR for nearly a year, the following learnings have emerged. Some of the points may seem familiar and others  may be completely new but hopefully the learnings will be useful for you in your GDPR compliance journey.

  1. GDPR is an evolving legislation
  2. We all need to be a bit more adaptable and alert…things are going to keep changing
  3. Data hoarding is real, data is being collected for no strategic reason
  4. There is no value in holding volumes of data that could pose a risk if breached
  5. Those who have clear growth goals understand the need to take compliance seriously
  6. Data controllers should not be data protection officers or leads…conflicts of interest may arise
  7. GDPR is getting people to do what they should have been doing already
  8. If you have a team make sure you educate and train them regularly and effectively
  9. If your suppliers or service providers aren’t taking data protection seriously… ditch them
  10. There are 5 other legal bases of processing data apart from consent