It’s been 12 months since the introduction of General Data Protection Regulation (GDPR) – and one thing is for sure, the challenges it presents haven’t gone away.
GDPR came into force in May 2018, introducing a number of significant changes including new rights for people to access the information businesses hold about them, obligations for better data management for businesses, and a new regime of fines and enforcement actions.
At the start of 2019 Google became the first tech giant to be hit with a record fine for breaching GDPR in the EU – it was slapped with a massive £44m penalty by the French regulator.
The fine followed complaints over how Google handled people’s data, with experts warning other tech firms would be next in the firing line.
And it’s not just tech firms. Recent research from cloud data firm Talend revealed that an estimated 74 per cent of UK organisations had failed to address requests from individuals seeking to get hold of their personal data within the one-month specified time period required under GDPR.
It found that only 17 per cent of companies complied correctly with the requests, while nine per cent gave incomplete or delayed responses.
The maximum amount that firms can be fined under GDPR is €20m or four per cent of global turnover, whichever is larger. And the Google penalty has been described as a “warning shot” at digital and tech businesses.
And it is not just big companies that have to be aware of GDPR and ask themselves if they are compliant and if they are protected.
For instance, the Information Commissioner’s Office (ICO) is issuing fines for companies and sole traders that are not registered.
In November last year the ICO fined a number of organisations across a number of sectors for non-payment of the data protection fee.
Since May 2018 every organisation or sole trader which processes personal information is required to pay the fee to the ICO, unless it is exempt.
The cost of the fee depends on organisation size and turnover. There are three tiers, ranging from £40 to £2,900.
The perils of the tech world we live in are growing. Cyber and phishing attacks are on the increase and we are also continually contacted by companies seeking help after falling for the scams and losing thousands of pounds.
As well as the financial loss, security breaches can put a firm at risk of falling foul of GDPR.
A year on it is worth asking the question again: Are you GDPR compliant? Here’s our checklist for you to go through:
• Do you know what personal data you hold and the reasons why?
• Do you have appropriate consent?
• Do you have a record of processing?
• Do you have appropriate privacy notices?
• Do you have sufficient security?
• Do you know how to handle a breach?
If your answer is ‘No’ to any of the above, please give Penny a call today. To discuss any issue regarding GDPR and cybersecurity and how AW Training and Compliance can help, contact her on 01257 460081 or email: firstname.lastname@example.org
Penny is a management and leadership expert with a background in regulatory compliance. She is a certified EU GDPR Practitioner, ISO17024 certified and Institute of Information Security Professionals accredited.