It is nearly a year since the much awaited General Data Protection Regulation (‘GDPR’) came into force in the UK and whilst most organisations may be breathing a sigh of relief that the dire warnings of many have not come to pass, the Information Commissioner’s Office (‘ICO’) continues to remind organisations about the importance of good data management. For many of us, the GDPR represented spam emails and nuisance phone calls; however a rise in the number of notifications and complaints to the ICO represents an increase in people’s understanding of what the GDPR really is.
While the heightened awareness of individuals regarding their rights under the GDPR has been made evident by an increase in the number of concerns reported to the ICO, it is important to remember that the GDPR must be a ‘work in progress’ in order to show a long-term commitment to compliance with the new legislation. The long-term ambition of the ICO to promote compliance will ensure better protection of personal data and adherence to the principles that underpin the GDPR.
The ICO continues to produce and publish guidelines for organisations to follow and for individuals to access to enhance knowledge of data protection, ensuring the new legislation and guidance reflects the rapid changes in technology. After all, the Data Protection Act 2018 (‘DPA’) and the GDPR were introduced to reflect just that. New developments in technology, such as facial recognition technology (‘FRT’), pose some of the greatest risks to our personal data. Whilst few monetary penalty notices have been issued to date, the extended powers of the ICO mean that we should expect to see some of the larger companies face the significant fines introduced under the GDPR.