Written by Shackleton Technologies
With threats of potentially enormous fines (€20m+), businesses had plenty of incentive to achieve compliance before the new General Data Protection Regulation (GDPR) came into force. Since go-live in May however, much of the hype has died down; the media has moved on to other topics, as have business owners and shareholders.
But this lack of media interest is not matched by a change in behaviour by European data regulators. In a politically-charged move, AggregateIQ (one of the analytics firms involved in the Vote Leave campaign during the EU membership referendum) was issued with the UK’s first ever GDPR notice.
Due to the complexities of investigating cases of personal data misuse, this is likely to be the first of many such notices in the coming months and years.
Spurred by the impending implementation of GDPR – and a 75% increase in data breach reports – the Information Commissioner’s Office (ICO) has been prosecuting offenders more harshly. Statistics published in Information Age magazine reveal that the ICO levied £5m worth of fines over the past year – a 24% increase on the 12-month period before that.
Now that the maximum fine threshold has risen under GDPR, it is inevitable that the ICO will beat their £5m record – possibly as early as this year.
As the ICO exercises their new powers, it is important to realise that breaches can – and will – be punished. Businesses have a legal and moral duty to protect the personal data they hold, and they need to meet their responsibilities or suffer the consequences.
More importantly still, GDPR compliance is not a one-off occurrence. Instead it is an ongoing requirement to audit the personal data you have, to strengthen your data security provisions, and to manage information in line with customer preferences.
In effect, managing data is a permanent cycle of reviews, checking that new (and old) information is properly aligned with GDPR requirements. And because this demands an ongoing commitment of resources, many smaller firms will struggle to keep up.
GDPR compliance is not an issue that will “just go away”. And the imposition of steadily increasing fines for data breaches means that information commissioners will not simply ignore failings in future.
For any organisation struggling to maintain compliance, the only solution is to seek professional help.
And if money is the only factor stopping your business getting the help it needs, just remember that you probably haven’t budgeted for a €20m fine for GDPR breaches either.
Ready to learn more? Please get in touch.