While many organisations have got to grips with data compliance and protection, there is still a lot to be done and the GDPR will require ongoing attention. Organisations can’t forget that while our exit from the EU looms, the GDPR will still apply under the DPA 2018. The impact of the GDPR has certainly been felt globally with countries like Iceland, Norway and Switzerland aligning their data protection practices to mirror the regulation. New laws in California have also been influenced by the GDPR with the California Consumer Privacy Act (CCPA) being introduced next year, focusing on data subject rights.
Although we are a year on from the implementation of the GDPR and there has been limited enforcement in terms of issuing large monetary penalties, it has brought into focus what organisations (whether you are a data controller or data processor) are now responsible for. In light of the recent data breaches that have made the headlines, it is fair to assume that the ICO’s focus for the remainder of 2019 and the coming years will be on issuing more and more monetary penalty notices under the GDPR and the DPA 2018 for data breaches affecting large groups of people. One aspect of the GDPR that is yet to be explored is how much compensation should be awarded. Damages awards are yet to be awarded in the civil courts but there is no doubt that we will see them start to filter through in the wake of the Morrisons data breach and the cyber attack that British Airways suffered and claimants are likely to pursue large-scale group litigation action.
Data protection regulation has reached a milestone and will continue to develop as society continues to shift in order to deal with the digital age. As risks to data protection increase, an increase in the amounts of fines, compensation and litigation is also likely. The journey towards compliance has only just started and organisations will need to continue to be pro active over how they protect our personal data, expand their efforts and ensure that they keep up to date with guidance from our data protection regulator.
Prettys are pleased to be hosting two data protection updates on the 27th and 28th June at Suffolk Food Hall in Ipswich and Essex County Cricket Club in Chelmsford respectively. Topics being covered include where we are a year on from the GDPR, practical tips on how to deal with subject access requests, and barristers from 5 Essex Court will be exploring data breaches and how to mitigate the issues that can arise as a result. For more information on how to register for either event, please visit our website: https://www.prettys.co.uk/data-protection-update-.
