Many companies have designated staff members responsible for GDPR compliance, such as data protection officers, but all staff members need to understand their obligations under the regulation.
Adam Gerrard, CIO of delivery company Yodel, has been ensuring that staff are trained up and aware of best practices for data protection.
"My data protection specialist is already trained up," Gerrard told CIO UK. "I have a great IT cyber specialist who is fully up to speed with it and understands the concerns in that space as well. So the two of them are going through with a fine-tooth comb; all our data sources, all our applications - what does this mean for us?
"I think we've got the right kind of rigour, and I think we understand the process we need to get through. There are a lot of areas of working, and that's just on the technology side. A lot of people forget that data protection isn't just about what's stored on the systems.
"Fortunately my team are smart enough to know this and are out there, looking at all the different processes that could potentially have personal information written down as well as stored."