GDPR and Data Protection in 2019?
The General Data Protection Regulation (GDPR) is certainly leaving its mark on the data protection field by being the first legislation of its kind to tackle present-day dangers to data security and companies’ accountability to their customers in the face of these threats. But what are the implications of the GDPR and Data Protection in 2019?
The post-GDPR world is one full of anxiety and opportunity. Many companies are struggling to put in place the infrastructure needed to respond to incidents and data requests as laid out in the GDPR, while entrepreneurs are profiting by building tools that enable companies to more easily manage visitor and customer consent.
Non-compliant companies are hoping that they will never incur the wrath of their customers and data protection agencies, but with data breaches continuing regardless, through the ingenuity of perpetrators or the neglect of employees and customers, who have the right to request their data at any time, it won’t be long before they will find themselves on the wrong side of the GDPR unless they take action and grab the opportunity this legislation offers them.
We know from reports published from the Information Commissioner’s Office (ICO) that data breaches continue to happen, and with 500 breach-related calls received weekly by the ICO, it will just be a matter of time before businesses will feel the financial impact, and that is before we even consider the reputational impact of such breaches. Whether it’s a breach of confidentiality, integrity or availability of data it’s going to have an impact, so how good are we in the UK when it comes to GDPR compliance?
One hundred days plus after GDPR was implemented, I find it alarming to discover from research undertaken across 600 UK- based companies that only 20% of the companies believed themselves to be GDPR compliant. Whilst 53% say they are in the implementation phase, surprisingly 27% have not yet started. Looking in a more positive direction, 74% of respondents expected to be compliant by the end of 2018.
Surprisingly, more than 51% of organisations have not yet documented their technical and organisational security measures on how they process personal data. If this is the case, how can they demonstrate compliance or accountability in accordance with GDPR?
Improved data protection compliance should encourage innovation and continuous improvement. It should not be perceived as a cost overhead but more as an investment in your people, business and future security.
The key to a stable, secure work environment is continued personal development through training, education and awareness.
Data Protection should be the driver to do things better in 2019.
Irene Coyle, Former Chief Inspector, Police Scotland; Data Protection, Officer, OSP Group Ltd.; Training Director, OSP Cyber Academy
