GDPR Eight Years On: Why Compliance Can No Longer Sit in a Policy Folder

What may have been compliant in 2018 isn’t necessarily compliant today.

Back then, many organisations treated GDPR as a compliance project. Privacy notices were rewritten, data processing records were updated and staff had basic training. It was all about getting the foundations in place.

Eight years on, the challenge is different. GDPR has evolved and so has enforcement action, court decisions, regulatory guidance and the use of technology (not least AI) in business. Organisations now need to ask themselves if their GDPR programme really reflects how they operate today. This blog from Vinciworks looks at why this relevant, how things how things have changed, and the practical lesson organisations must take.