The countdown is on to the implementation of the GDPR on 25 May 2018. With less than one month to go, many employers will be finalising their preparation for the changes the new law will bring to data protection in the workplace.

For those employers finalising their preparations, it may be time to check in to ensure that you remain on track and on target. But for those organisations who are only just turning their minds to GDPR, what are the next steps?

Compliance might appear a daunting task for organisations, but it is not too late to begin to get ready. There is still time to put in place an action plan and timeline for developing and implementing a GDPR compliance programme; including the changes needed to practices, key documents, processes and procedures. Although continued inaction runs the risk of fines and legal action, taking steps towards compliance now will be steps in the right direction.

If your organisation has not already carried out a comprehensive data audit, that is a good place to start. Knowing what data you collect, what you do with it and (most importantly) why is the first step in developing a GDPR-compliant Privacy Notice and to prioritising compliance activity and remedial measures based on areas with the highest risk.