The GDPR came into effect on 25 May 2018. However, it is wrong to view this as a ‘deadline’ as such, for the simple reason that compliance is an ongoing process, not a one-off event. Even if you were one of the few organisations that were fully compliant on 25 May, you could easily fall out of compliance in the coming months and years unless you regularly review your data processing activities.
All organisations with compliance obligations should continue to strive to meet them. If you know you are not in compliance, you should prioritise those areas where a lack of action leaves you exposed. Where an infringement does occur, demonstrating that you have made a start should help reduce potential penalties.
