What does GDPR compliance look like?
On the 30th May 2019 the Information Commissioner’s Office (ICO) launched a new publication entitled GDPR One Year On. The report highlights what has happened since the General Data Protection Regulation (GDPR) (2018/679) and Data Protection Act 2018 have come into force. The ICO saw the introduction of this legislation as a seismic shift in privacy and information rights. It certainly has made us radically alter the way we have had to consider how we now manage the personal data of others.
So what has been the impact of these changes? How have individuals rights been effected by these changes? What considerations do we have now have to make when dealing with the personal data of others?
Research conducted in July 2018 has indicated that there is increased trust and confidence in companies and organisation storing and using personal data. 34% of those involved indicated that they consider organisations are more trustworthy when dealing with their personal data compared to 21% the previous years. Coupled with this 64% of Data Protection Officer’s stated they either agreed or strongly agreed with the statement “That they have seen an increase in customers and service users exercising their information rights since the inception of GDPR”. The ICO’s own Your Data Matters campaign has led to over 2.5 million more individuals accessing their website.
At the same time the ICO has seen a huge increase in the nature and volume of calls it received with the helpline, live chat and written advice services receiving over 470,000 contacts, an increase of 66% over the previous year.
One area of special concern to the ICO is that of children’s personal data. They have recently undertaken a consultation on Age Appropriate Design and have put forward 16 standards for the age-appropriate design for services likely to be accessed by children. Whilst most of these relate to the provision of on-line services the same consideration can be equally applied to ensure that the off-line capture of children’s personal data is both suitable and compliant with the regulations. The ICO will be publishing the findings of the consultation in due course.
Support and Guidance
The ICO are also keen to enforce that the provision of support and guidance is a key part of their role and will act in the public interest when organisations wilfully of negligently break the law. The ICO are keen to reassure organisations that this is not simply through the application of large fines but that there is a process in place for the provision of warnings and reprimands before such drastic action is taken.
Personal Data Breaches
This change in legislation has also seen a vast increase in the number of reported cases being received by the ICO, rising from 3,300 personal data breach (PDB) reports in 2017/18 to 14,000 PDB’s received between 25th May 2018 and 1st May 2019. Of these 12,000 cases have now been closed of which only 17.5% required any further action and less than 0.5% led to either an improvement plan or a financial penalty. A similar rise in the number of concerns received has also been seen, almost doubling from 21,000 to 41,000 for the corresponding period. A majority of these (38%) were complaints regarding Subject Access Request’s.
So all in all its been a busy year for the ICO as well as for those organisations trying to ensure compliance with this new legislation.
The AoC are running a series of ‘GDPR in FE Workshops’ throughout 2019/20, please contact firstname.lastname@example.org for more information. Alternatively, feel free to book directly for the following dates: