GDPR: A Year On…
It’s now one year since the General Data Protection Regulations (GDPR) were introduced alongside the Data Protection Act 2018.
But how has GDPR actually impacted us since then?
Last year “Are you GDPR compliant?” was a question that brought about both fear and apathy in equal amounts, and the day it came into force (Friday 25 May 2018) it received more Google searches than Beyoncé and Kim Kardashian (according to an EU infographic). However, the number of searches soon plummeted.
Arguably though, some companies and bodies should have paid more attention to GDPR since then.
We have already seen GDPR breaches, most notably from the Home Office, where historic migrants (known to be part of the Windrush Generation) had their personal details shared due to an “administrative error”.
What is GDPR?
The Regulations were a major update to the Data Protection Act 1998 and imposed more restrictions on data controllers (the individual or body that decides on the purposes and ways to process data) and data processors (anyone who processes the data for the controller) when it comes to handling personal data.
The Data Protection Act 1998 only placed obligations on controllers, whereas processors also have obligations under GDPR.
Another big change saw fines increase, so that the maximum fine for a breach could be the greater of €20m or 4% of annual global turnover.
These fines reflect the importance of personal data and handling it appropriately.
Should we remain fearful?
There has been a lot of scaremongering around GDPR (the mere thought of one of those hefty fines could cause a lack of sleep for any business owner). However, the real way to avoid any problems or undue stress is to treat individuals and their data with care and respect.
There are many steps which can be taken to ensure compliance with GDPR, including making sure that you have up-to-date privacy notices, sufficient data protection clauses in your contracts, and suitable terms and conditions.
Most importantly, remember that the GDPR weren’t just about making sure you were compliant in May 2018 – they were about making sure you keep on top of data as part of an ongoing, fluid process.