FINANCIAL TIMES - Apr 25 - There is one month to go until the EU's new General Data Protection Regulation (GDPR) comes into force, governing all data that companies hold on individuals. Fines for breaches are as high as 4% of annual global revenue. The UK information commissioner's office (ICO) has said there will be no "grace period". Here is the ICO 12-step guide that lays out how to document data, know the rights of individuals, deal with subject access requests, obtain consent, lawfully process data - and what to do in case of a breach.