You probably heard about this new EU-wide piece of legislation called General Data Protection Regulation (GDPR). Although much has been said on the subject, still many business owners struggle to wrap their heads around it. To make matters somewhat worse, the GDPR neither suggests a single, clear approach to data processing nor does it comprehensively explain how its ordinations will affect businesses of different shapes and sizes.
There are probably few companies—whether in the IT industry or outside of it—that could say confidently “Yes, we’re ready for the GDPR”. The new law is a hard nut to crack as it does not provide explicit instructions or procedures, and puts it on businesses to decide how to comply with its regulations. Since every company processes personal data in a different scope, for different purposes and using different means, there is no universal approach or a solution to have implemented.