It’s a whole year since our email inboxes were flooded with reminders from businesses around our privacy and the introduction of the new GDPR rules (General Data Protection Regulation).
We’re reflecting one year on from the introduction of these new European data protection rules… How are businesses coping? Have we got to grips with the compliance requirements for data collection and processing? And how serious have Data Protection Authorities (DPAs) been about enforcement? Let’s take a look…
Early statistics around the GDPR demonstrate that it has been a success as a breach notification law, but largely a failure when you see how many businesses have now received fines for failing to adequately protect their customers’ data.
Stephen Eckersley, the head of enforcement at the U.K. Information Commissioner’s Office, recently reported that the UK had seen a “massive increase” in reports of data breaches since the GDPR was implemented.
In June 2018, 1,700 data breaches were self-reported by businesses and he estimated that the total in 2019 will be around 36,000 – a significant increase from the previous annual reporting rate of between 18,000 and 20,000 breaches. Across Europe, nearly 60,000 breaches were reported during just the first eight months of the GDPR, according to a survey released last month by law firm DLA Piper.
So, interestingly, despite the endless publicity around the new regulation, which came into force in May 2018, there still appears to be a significant lack of awareness amongst business owners, and many are still failing to meet the new requirements.
According to the results of a survey by Hiscox, 39% (more than a third) of SMEs still don’t know who the GDPR affects. 10% of the companies surveyed also don’t believe that consumers have any new rights following its introduction. Perhaps the most shocking thing to come from the survey was the number of small business owners who were evidently not aware of the potential fines for breaching the GDPR. Based on two tiers, the fines businesses have received range from £7.9m or 2% of the company’s global turnover to £17m or 4% of annual global turnover.
The Information Commissioner’s Office, the UK’s own data regulator, reported that complaints of data breaches were up by 160% in the first six weeks following the introduction of GDPR.
So, there’s still a long way to go; we like to think of GDPR compliance as a marathon, not a sprint. It’s an ongoing process, and businesses need to constantly assess their processes to ensure they are meeting the requirements. We’ve compiled some top tips on how you can stay compliant…
- Consider what data your business holds and where/how it is stored. Is that data a risk to you? And if yes, what are you doing to help prevent that risk? For example, do you have policies in place that set out when data should be destroyed and are you following them?
- Educate your employees to the fact GDPR compliance is everyone’s responsibility. Encourage them to take an active role in ensuring requirements are being met.
- Review and strengthen any existing security processes. For example, when an employee leaves your company, do you have procedures in place to prevent them from logging on to your network and gaining access to your data?
- Offer regular training for employees. Handling data is a skill and regular sessions to update staff should be implemented.
- Last but not least, we can help! If you have any questions around the GDPR or need some expert advice, get in touch…
We have a team of experts who will help you understand what the GDPR is, define any of your data that may be impacted and recommend the best solutions to improve your overall compliance. Call today on 01344 303200.