A commonly held disbelief is that GDPR is only enforced on large, multinationals firms, when in fact GDPR affects businesses of all sizes. The new policy has meant many small and medium-sized organisations are still in the process of developing and implementing their data handling policies.
The policy requires you to be able to demonstrate how personal data is handled and protected in your organisation.
GDPR compliance should be understood by the senior teams of your organisations as well as anyone who is handling or gathering data for the company. As the awareness of GDPR continues to grow, it is also likely that your clients may question your policies, making it worthwhile to understand the policy fully.