GDPR day is finally here

Written by Bradleigh Bishop on 25/05/2018

Welcome to GDPR Day

It’s finally here. This day, the 25th of May 2018, will be forever remembered as the day GDPR officially came into force. The good news is we should see a steady tailing off of emails from companies politely asking us to ‘opt in’ and telling us that they’ve updated their privacy policy. The bad news is, if you’re not currently GDPR compliant, you’re officially late and theoretically, you could face the wrath of your relevant regulatory body.




This is what the fuss has been about

Everyone’s been talking about this piece of legislation for some time. We’ve even been talking about it, so you know it’s important. Fortunately, for us in the UK at least, we’re unlikely to see hefty fines flying left, right and centre. It’s early days and the ICO is unlikely to come down too hard on organisations, so long as they can show they’re doing everything they can to become GDPR compliant and being as transparent as possible.

I’m sure the majority of you have been incredibly diligent in carrying out your data protection duties and can now sit back and relax. For those that are not, it’s time to up your game. If you’re unsure of your level of compliance, a GDPR gap analysis will steer you in the right direction.

There’s a good chance you’re doing a lot of GDPR already, so some changes might be as simple as updating your Privacy Policy to make data subjects aware. Other changes though will undoubtedly need more work.



It’s not over

For those that are sitting back and relaxing, your relaxing time is over. Did you enjoy it? It’s important to realise that maintaining GDPR compliance is an ongoing thing. Processes, procedures, software and just about anything in relation to the controlling and processing of personal data must be continually updated to ensure the risk of data breach is kept to a minimum, and the response to one is improved. If this sounds like a full-time job, that’s because in some cases it is. Say hello to your DPO for me.

For those struggling with appointing a Data Protection Officer, or those appointed that are struggling with their new duties, it might be easier and more cost-effective to outsource this responsibility going forward.



The future

In the coming weeks I expect to see many stories of companies falling foul of the ICO (albeit in a gentle way, unless there’s been a serious case of negligence). Many will breathe a sigh of relief that it wasn’t them before hastily updating their approach. As is always the case with new legislation, I expect there to be an adjustment period. However, I don’t expect it to last long as the ICO do have the power to levy fines of up to €20 million or 4% of annual turnover (whichever is greater), which is not a risk many businesses would be keen to take.

So, happy GDPR day everyone. Let's hope it brings us all closer together.

