Please call +44(0)5603 852239 or email

Risk and prioritisation

Let’s start with sensible priorities:

A supervisory authority is competent to initiate its own complaints within its Member State. (Article 55(1))

What this really means is that the UK Information Commissioner’s Office (ICO) can investigate you even if you have not received any complaints.

But let’s be realistic, are companies really going to be flagged for investigation if they have not been complained about?  I think not. 

So, the first priority has got to be…where is my greatest risk of receiving complaints?

  1. Employees                                         Not very likely
  2. X-Employees                                    Very possibly, especially disgruntled former employees
  3. Existing Customers                       Not very likely unless they have grievance’s
  4. Prospective customers                 Most likely…see our Solution Briefs
  5. GDPR Violation by Cookies       A horrible way to get caught…see why

So, you need to be the first…act NOW!

A further important note:  BREXIT will not save you, any UK government is fully committed to implement GDPR and reflect its requirements into UK domestic law.

At this stage I would like to be clear that we are suggesting prioritised wins, not cutting corners or disregarding other aspects of GDPR compliance.