This is one we hear all the time: GDPR is not coming into effect until May 25th 2018 so we’ll worry about it then. Here's the thing, GDPR was passed in 2016. The grace period is over in May 2018. So, you have to be compliant on or before May 25th 2018 and not after. Any data not compliant on this date will have to be deleted in order to avoid fines.
The GDPR preaches privacy by design. Meaning that you should consider privacy in each and every process which means a lot of work in rethinking how you process personal data.
If you don’t get ready now and have your data and the tools you use to collect, handle and store your data (including your suppliers handling your date) in line, you might have to hit the “delete all” button on May 25th. Avoid this by getting ready. Start by:
- Examining your data
- Updating your forms
- Running reengagement campaigns to have your database fully opted in by May 25th