The data protection landscape is changing. The General Data Protection Regulation (GDPR) is the biggest single change in data protection legislation. The new legislation, which comes into effect on 25th May 2018, will enforce a concept called, 'Privacy by Design'. This will involve building a Privacy Framework, in which your company will be obligated to demonstrate how you are accounting for all the privacy and security obligations which the GDPR will mandate.
Under the new legislation, as a Data Processor you will share 100% of the liability with your clients should any data breach occur during your handling of any client or employee data. As there is a significant reputational risk at stake as well as hefty fines of up to £16m for data breaches under the GDPR, the need for every company to be fully compliant against all 16 stages of the cycle is imperative. From 25th May 2017 you have less than 12 months to become compliant.