GDPR – ONE YEAR ON

We’re nearly one year on from the implementation of the General Data Protection Regulation (GDPR) and it has certainly been a busy year for data protection.

KEY OBSERVATIONS

Since the introduction of the GDPR on 25 May 2018, a number of key trends can be observed:

  • Data breach complaints have increased – they were up 160% between May and July 2018 compared with the same period in 2017
  • An increasing number of customers are querying whether or not organisations are GDPR-compliant
  • More comprehensive analysis of what constitutes personal data
  • Data protection fee now applies to many organisations in the UK
  • There has been a rise in Data Subject Access Requests
  • Increasing pressure from third parties to sign up to new data protection policies

CONSUMER SURVEY

A survey of 1,500 consumers, conducted by the Chartered Institute of Marketing 6 months after the introduction of the GDPR, found that:

  • 72% say that they are aware of GDPR, a significant increase from 41% in May
  • 50% would take action to stop companies using their data if they didn’t want them to
  • 42% don’t think GDPR has slowed the communications they receive from companies
  • 41% think GDPR has improved how companies use their data

ENFORCEMENT & FINES

In January 2019, Google was fined £44 million after privacy rights groups claimed that it did not have a valid legal basis, as required by the GDPR, to process user data for ad personalisation.

Google had not obtained clear consent from users to process data and the option to personalise ads was pre-selected. In the ruling, Google was accused of a “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation.”

This decision highlights the importance for companies of thoroughly analysing all operations involving the processing of personal data to ensure compliance.

ACTION POINTS

The following steps should become integral to the running of an organisation in order to increase the chances of being, and remaining, GDPR-compliant:

  • Undertake regular data audits
  • Implement and review security measures, including encryption and passwords
  • Update key policies and procedures
  • Update data retention policies and consider culling data
  • Make use of the Information Commissioner’s Office (ICO) helpline
  • Ensure a data breach register is maintained
  • Provide appropriate training for staff
  • Familiarise yourself with ICO guidance published since 25 May 2018

This article was supplied by SA Law. For more articles like this, you can visit their website: https://salaw.com/views-insights/