Policies, Procedures and the EU General Data Protection Regulation (GDPR)
The EU GDPR comes into force on
25 May 2018 and supercedes the current Data Protection Directive. If the current Directive applies to you, then so will the GDPR, but it is more comprehensive and includes what has been called the
right to be forgotten.
The implications of the GDPR are that any Company needs to have a reasonable set of
Policies and Procedures which cover the how the Company interacts with other People and Companies (and how Data is handled), and also how internal processes are covered by Policies and Procedures, for example with respect to Data Backups and a Clean Desk Policy.