While there is a general awareness of GDPR amongst businesses now, actual understanding of the impact on business from GDPR still appears to have a way to go before those businesses do anything close to becoming compliant.
The situation is not helped by the generally poor advice being offered; much of it bordering in scaremongering to sell consultancy services and “compliance products”.
Here are the latest official positions from the ICO and a few other organisations who are offering good advice:
ICO general Advice: Guidance: what to expect and when
ICO Overview of GDPR: Overview of the General Data Protection Regulation (GDPR)
Downloadable PDF helping you prepare: 12 steps to take now
The key pieces of advice around GDPR seem to be resolving to distinctions between how to best use the rules. However gaining actual understanding of the meaning of, for example, Legitimate Interest, is proving difficult as finalised guidance is not anticipated for many months, as we explained here.
So there is a long way to go still. Our best advice is to keep on listening and reading but not to rely on one source for your advice as there is still disagreement on the meaning and interpretation of key terms.