Last May marked a seismic shift in privacy and information rights with the implementation of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. 
 
The change in the regulatory landscape has shown the importance of getting privacy right. People have woken up to the new rights the GDPR delivers, with increased protection for the public and increased obligations for organisations. 
 
But there is much more still to do to build the public’s trust and confidence. With the initial hard work of preparing for and implementing the GDPR behind us, there are ongoing challenges of operationalising and normalising the new regime. 
This is true for businesses and organisations of all sizes. 
 
The ICO has the power to impose a fine of up to €20 million or four percent of global turnover, whichever is greater. In November 2018 the ICO fined a number of organisations across a number of sectors for non-payment of the data protection fee. Since May 2018 every organisation or sole trader which processes personal information is required to pay a data protection fee to the ICO, unless it is exempt. The cost of the data protection fee depends on organisation size and turnover. There are three tiers of fee, ranging from £40 to £2,900. 
 
The focus for the second year of the GDPR goes beyond baseline compliance - organisations need to shift their focus to accountability with a real evidenced understanding of the risks to individuals in the way they process data and how those risks should be mitigated. 
 
Strong accountability frameworks are the backbone of formalising the move of our profession away from box ticking. They reflect that people increasingly demand to be shown how their data is being used, and how it is being looked after. They are an opportunity for data protection to be an enabler of growth and innovation whilst building people’s trust and confidence in the way their information is handled. 
 
For those who do not take this responsibility seriously or those who break the law, the ICO will act swiftly and effectively. Since May 25 2018, the ICO has received more than 40,000 data protection complaints and has had over 14,000 personal data breaches reported. 
The past 12 months have been pivotal for data protection, but they are only part of the story. Preparing for, launching and bedding in the GDPR has posed many challenges – but the work continues. 
 
If you would like to review your compliance with GDPR or need help with any aspect of data protection, contact Datasense on 01604 372355. 