Businesses which have missed today's General Data Protection Regulations (GDPR) deadline should "get their house in order" as soon as possible, a legal expert has said.
The new rules, which affect businesses of every size and sector, have now come into force.
Dawn McKnight, head of commercial law team at Belfast firm Carson McDowell, said: "GDPR is about the law catching up with technology."
She indicated that the Information Commissioner's Office would not "throw the book" at companies which are not compliant immediately, but she warned that a "grace period" would not last indefinitely.
"The difficulty is that GDPR is data protection by design - it is not a one size fits all approach," Ms McKnight said.
"Businesses have to look at what personal data they are using and where they are sending it, so you can make sure your data protection policy is accurate and correct.
"Most responsible businesses have made a substantial effort to get ready for GDPR but others have not appreciated the level of effort required."
She advised those not compliant to "start now and crack on".
"Just make sure your data protection policy is accurate and correct," she added.
She also stressed the importance of having an information asset register in place.
Ms McKnight said that under the GDPR regulations, businesses have a duty to notify the Information Commissioners' Office if there has been a data breach and in some cases, the individual concerned, within 72 hours.
"That is a really tight timescale to investigate what has happened, what data has been lost and how a business is going to sort it out," she said.
Her firm is putting together a rapid response team to help clients deal with such a data breach.
"GDPR gives additional rights to the individual to be provided with certain information," she added.