Jan 30, 2020
May 29, 2019
GDPR - 1 year on
Last year there was panic among some in the business community as individuals were bombarded with emails asking for permission to hold their personal details. The reason: the General Data Protection Regulation (GDPR).
It has now been a year since GDPR was first introduced as a means of providing individuals with more control over the information that companies hold about them. With a major aim to make companies more transparent in how they deal with people’s data, with the threat of hefty fines of up to €20 million or 4% of the company's annual turnover, for those who misuse a person’s data.
In this blog, we consider if all the horror stories that appeared in the lead up to the regulation were just scare mongering and if individuals have benefited from their newly re-enforced rights.
Enforcement of GDPR since 25th May 2018 demonstrates that data protection offices across the EU have indeed backed up their threats with hefty fines. In fact, there have been 60,000 data breaches reported to the ICO and various European counterparts to date, with 90 fines issued. This included a €220,000 fine issued to a company in Poland for failing to inform individuals that their data would be processed.
Closer to home, the ICO has warned HMRC to delete five million voice recordings used to create bio metric IDs as they don’t comply with GDPR rules concerning consent, or they will face penalties for non-compliance.
What is clear is that people are more aware of their rights in relation to their personal data. This does not take away from the fact that GDPR does cause headaches for organisations having to ensure they have the right resources and infrastructure in place to fulfill their obligations under the regulation. In addition, companies have to ensure that they are interpreting the many ambiguous elements of the regulation properly.
What has changed?
The full impact of GDPR will probably take years to become apparent especially as businesses are still working towards ensuring all aspects of their organisation are fully compliant. What is clear is that the way organisations must conduct themselves has changed.
Instead of focusing on all the negative aspects, business should instead consider the different business opportunities afforded by GDPR. For example if you have purged your marketing databases properly, you should be left with a list of customers and prospects who actually want to hear from you. This should help with customer acquisition and improve your brand loyalty.
It’s also an opportunity to demonstrate to your customers that you care about their personal data and this can be a source of competitive advantage. Additionally, many organisations sought out new technology to help them effectively manage their many obligations under the regulations including call recording and 3rd party data hosting. This should lead to efficiency gains and contribute towards digital transformation within organisations, helping to future proof activities no matter the changes to come.
GDPR moving forward
So what should we expect from data protection moving forward? It is important for businesses to recognise that GDPR is a marathon and not a sprint with the initial assessments of data protection carried out over a year ago, needing to be continually reviewed. Staff training sessions are a good starting point that will ensure everyone within an organisation understands his/her own important role with regards to data protection and the importance of compliance.
Preparations for GDPR will not go to waste post-Brexit, as the UK Government has made it clear that it intends to maintain the high standards of data protection set by GDPR. So unfortunately local businesses will not be immune no matter the UKs European status.
Each individual company will face their own challenges under GDPR and these requirements will probably change as your business environment does. Keeping up to date with the latest technology and seeking legal advice if necessary will help on your GDPR journey.
Tweet us @AtlasComms and let us know how GDPR has affected your business in the past year and if you personally have experienced any benefits #PoweredByAtlas.