Many companies are already well underway on the road to compliance with GDPR. Those that are not underway, should be starting to look at their options shortly.
We have noticed that some companies are not putting in place a paper trial to show that they have complied with the new requirements at Director level.
Under the new rules, senior management (for most SME’s this will be their board of directors) have a duty to know about the content and operation of their own business compliance regime. They also have duty to oversee the implementation and effectiveness of that appropriately.
In addition, directors have a duty under the Companies Act (s.172) to satisfy themselves that in complying with GDPR they are promoting the success of the business.
To assist businesses to address this issue, we have prepared:
- A corporate memo that can be given to directors setting out the issues they need to consider both now, and in the future.
- A set of board minutes as a guide for boards to record their discussions in a special meeting to consider and GDPR compliance.
Both documents are free to those on the Arcturus scheme.