A supervisory authority is competent to initiate its own complaints within its Member State. (Article 55(1))
What this really means is that the UK Information Commissioner’s Office (ICO) can investigate you even if you have not received any complaints.
But let’s be realistic, are companies really going to be flagged for investigation if they have not been complained about? I think not.
So, the first priority has got to be…where is my greatest risk of receiving complaints?
So, you need to be the first…act NOW!
A further important note: BREXIT will not save you, any UK government is fully committed to implement GDPR and reflect its requirements into UK domestic law.
At this stage I would like to be clear that we are suggesting prioritised wins, not cutting corners or disregarding other aspects of GDPR compliance.