Accountability is at the very heart of GDPR.
Businesses are unsure where the responsibility within their organisation lies, as the regulation can involve more than one division, including marketing, operations, IT, human resources and sales. It is therefore imperative that each member of your team is aware of the regulations and how they will impact daily operations, now and in the future.
Privacy notices are also extremely important and transparency is paramount; be honest and open with people who give you their data. Be clear about why you are collecting it, why you want it, how you will be using it and how you will take care of it.
While SMEs will not have anywhere near as much data as larger organisations, they will still be accountable for whatever they store – no matter how little. All data should be stored securely and clearly documented: when, how and why it was obtained, what you are going to do with it, and how long you are going to keep it. Data responsibility will now also impact the company or individual managing the network in addition to the network’s owner. Since compliance is a journey and not a destination, there is also a need for ongoing detection and threat remediation. Even data that is stored in filing cabinets will fall under GDPR.