Happy Birthday dear GDPR
The GDPR came into force a year ago on 25 May 2018. How could we forget that tsunami of emails requesting confirmation of our consent to receive marketing emails?
The purpose of the GDPR was to put individuals in control of the use of their personal data. It may or may not have achieved that. The effects of the change in the law that we have noticed most are:
- a ramp-up in the enforcement action that the ICO has taken to collect annual fees and the imposition of fines on organisations that have not paid on time. Don’t forget to pay yours each year – it can be done by direct debit;
- an increase in the number of Data Subject Access Requests. The right for individuals to make these requests is not new but there seems to be an increased awareness of it – and with shorter timeframes to respond, the burden on organisations receiving these requests has increased. If you receive such a request, please contact us as soon as possible;
- no reduction in the number of data breaches occurring – in fact, if anything, there has been an increase. The GDPR introduced the mandatory reporting of breaches in certain circumstances;
- we are still waiting for guidance from the ICO on some key areas such as the use of CCTV, data sharing and employment. And we still do not have the replacement for the PECR which was originally supposed to come into force at the same time as the GDPR;
- while some organisations have taken extensive action to respond to the GDPR and the changes it brought and are taking seriously the ongoing requirements of compliance, it is clear that others just paid lip service to the changes and have taken continuing compliance off their agenda.
The GDPR is here to stay and all organisations must make sure they continue to comply with its requirements.