As expected – or feared – implementing the incoming General Data Protection Regulation (GDPR) is a mammoth task for some companies. ‘It is all-encompassing,’ says Karen Kerrigan, chief legal officer at equity crowdfunding firm Seedrs. ‘The advantage of being a small business is that you can involve all the other departments. Frankly, I would be terrified of GDPR if I was at a large business, because you have to take a much more decisive risk-based approach in terms of what you are physically able to look at. We were able to sit down with our development team, our marketing team and our investments team, and go through every single one of their activities and the service providers they were using.’
To say GDPR will have wide implications for in-house teams is an understatement. It is unlikely that there will be any client or any part of a client’s business that will remain unaffected by the EU regulation, which has a deadline for implementation of 25 May 2018.