I am meeting so many people at the moment who are interested in my new venture. What they don't understand is why their company is not taking GDPR seriously. Some of my friends work for large, sometimes public sector companies that haven't even mentioned GDPR or are just starting to now, with a couple of weeks to the new rules are in force.
It is no wonder then that micro and small businesses see it as unimportant, red tape that "doesn't affect them".
I feel that businesses will not take GDR seriously until something goes wrong and the first people are prosecuted.
Why take that risk? To become compliant is not as big a task as you may think. There are many free seminars, ICO website and documentation that can help or you can contact a business like mine that will guide you, saving you valuable time.