GDPR, what next?


Posted by Elisabeth Bell, 25th May 2018
After the frenzy, the GDPR and the new Data Protection Act 2018 apply from today, but as Elisabeth Bell explains, those in charge of compliance won’t be breathing a sigh of relief just yet…

It is not often that a new piece of regulation generates such uproar, achieving even more Google searches than Beyoncé this week, but in heralding a new data protection standard for the digital age, the GDPR has already been a success in changing the discourse around privacy and accountability.

For many, achieving GDPR compliance will have felt like an arduous journey that delved into the deepest corners of their archives to take a long hard look at what data they are processing and storing and why.

Done right, this process has provided organisations with a detailed assessment of their operations and a renewed sense of purpose – the business equivalent of finally sorting out all those files and boxes in the spare room that you keep promising yourself you’ll do. It has not been an easy process: in addition to adhering to the six key principles of GDPR, achieving meaningful implementation of the new regulations has meant tailoring solutions to an organisation’s unique practice and culture, so that it can deliver on the new requirements for accountability and transparency.

Bedding in the new policies and procedures

The media noise will die down, but for the new Data Protection Officers and others in charge of compliance, the critical period of bedding in these new policies and procedures begins. With this will come a necessity to keep an eye on progress and remain vigilant about the possibility of a data breach. As Elizabeth Denham, the Information Commissioner, said in a blog this week, “It’s an evolutionary process for organisations – no business, industry sector or technology stands still. Organisations must continue to identify and address emerging privacy and security risks in the weeks, months and years beyond 2018.” It is also important to mention that achieving practical GDPR compliance will put organisations in good stead for the forthcoming E-Privacy Regulations.

For those who are not quite there yet, there is still time, and the ICO maintains that its position is to provide help first and to fine in the event of deliberate or negligent use or loss of data. Our guidance throughout has been that a new privacy policy is redundant without a proper GDPR compliance policy and procedure in place, and if the ICO does make enquiries, it will expect to see an auditable record of this.

Our team will continue to work with organisations to deliver compliant practice as the focus moves from the initial compliance deadline towards good data management becoming embedded in business practice and culture.
