June 2019

The 25th May 2019 marked the one-year anniversary of the introduction of the General Data Protection Regulation (‘GDPR’) and the Data Protection Act 2018 (‘DPA’).

As organisations have scrambled to become compliant with the GDPR over the past 12 months, EU Data Protection Authorities have seen a sharp increase in the number of staff and resources required to aid in implementing the new requirements. It has been a busy time, and over 56,000,000 Euros in monetary fines were issued to organisations and businesses across Europe. The UK’s Information Commissioner reported that the top three issues raised in the 39,825 concerns it received between May 2018 and April 2019 were:

  1. data subject access requests to personal data (‘DSARs’);
  2. disclosure of data; and
  3. the right to prevent processing.

Organisations and businesses should already have a clear strategy in place for adopting a compliance culture. A basic structure should include the ability to recognise whether you are a data controller or a data processor, to respond correctly to subject access requests and to report data breaches in accordance with your obligations under the GDPR and DPA. Compliance requires ongoing attention and has proved demanding for many. The influence the GDPR has had on many UK and European organisations is evident in the number of high-profile monetary fines that have been handed to commercial giants like Facebook and Google.

As uncertainty over Brexit persists, it is even more crucial for businesses to keep up with guidance published by the ICO. The privacy rights of UK and EU citizens remain at the heart of the GDPR and the DPA, and data controllers and processors must recognise that accountability is a critical component of data protection law.