GDPR: changes, consequences and an ongoing commitment
It’s now over a year since the General Data Protection Regulation (GDPR) first came into effect, and we’ve learnt a lot during that time.
Ahead of its introduction, the UK’s ICO significantly grew its staff in order to help enforce the new legislation – something it has made good on, levying two blockbuster fines against household brands. The number of whistleblower reports to the information commissioner over data breaches has also jumped 175 per cent since GDPR was introduced, according to research by the law firm RPC.
GDPR is very much intended to be a perpetual discipline for businesses, and there is a requirement not just to change business practices that did not comply with the legislation, but to foster business processes that exhibit an ongoing commitment to it.
The GDPR emphasises transparency, security and accountability, and these attributes should already provide cornerstones of any organisation’s approach to compliance. The ongoing priority should be ensuring that robust processes are in place to both protect personal data and manage the new requirements that the regulation brings.
As your organisation continues to adjust to the demands of GDPR, our guide could help. Including practical tips on meeting its requirements, it has a particular focus on managing subject access requests and compliant communications.
Take a look at the ‘Quadient Guide to Managing GDPR’ which can be downloaded at: