This article explains the requirements on you and your systems to make sure you are GDPR compliant.
If you didn't know, GDPR brings together current data protection law under one "umbrella". For example, GDPR includes the "right to be forgotten" law.
So if you are in Europe, sell into Europe or have European employees then you need to comply.
So if I want to be forgotten, then you have to delete me from every single system you have, even spreadsheets hidden away on employees' laptops.
Like Health and Safety, Diversity, Bribery and Data Protection, GDPR is something that all employees are responsible for. And "I didn't know" isn't a defence in a court of law.
Here's an article on how we at DLA have become GDPR compliant, and we also offer a free PowerPoint.
How as a Small Business We Became GDPR Compliant http://www.social-experts.net/small-business-became-gdpr-compliant/ via @DigitalLeadersA
GDPR divides the responsibilities of handling personal data into two roles: controller and processor. The legal responsibilities change depending on which role you play. Controllers control personal data – any information that could identify a person (name, email, address, location, etc.). Processors process that personal data on behalf of controllers. This distinction creates a messy, Russian-doll system because your company could be a processor in some relationships and a controller in others. You could even have multiple processor-controller relationships with one company.