DCN September 2017 - Page 54

final thought Head In The Sand When it comes to GDPR, Mike Simmonds, managing director at Axial Systems explains why it’s time for the board to stop passing the buck and ignoring the issue. T he General Data Protection Regulation (GDPR) comes into effect in the UK on May 25 2018. Yet, many organisations remain in denial, with a typical mind set being: ‘If I ignore it long enough, it will probably go away’, or even, ‘I don’t think it really applies to me’. Ultimately though, any business that holds personal data about their customers, employees or that runs a payroll is going to be impacted by the regulation. That’s 54 | September 2017 because GDPR clearly applies to all companies worldwide that process the personal data of EU citizens. There is a world of difference of course, between understanding that your business needs to get ready for GDPR and making it happen. There are likely to be a raft of challenges along the way. Many leadership teams immediately baulk at the need to put policies in place. Organisations, and particularly their directorial boards, often feel that they don’t have the time, manpower or feel the necessity to do this. But what other options do they have? Whose line is it anyway? We are beginning to see legal departments take on some of the strain. The data protection officer (DPO) role that for many organisations will be a mandatory requirement after May 2018 is increasingly finding itself housed within legal teams as another