It almost feels as though the GDPR has now passed.
For months before the 25th May, we were flooded with information on how to better manage personal data. The news was filled with stories of impending fines and how marketing would be changing forever.
As the day drew nearer, we were then told that actually many companies were simply not ready for the GDPR, and the percentage of businesses that were 100% compliant, (and would continue to be so going forward), was incredibly small!
For many however, it feels like the 25th May came and went, and nothing happened...
Would we be wrong to assume that this was a lot of hype over nothing, and that we can simply continue on as normal, with the GDPR falling off the agenda?
Yes! In fact, we are now very firmly in the era of the General Data Protection Regulation. It has not, and will not go away. We are now in the eye of the storm.
The worlds media is watching and waiting for the first big hit. There have been several high profile cases of data breaches this year, including Facebook, British Airways, Heathrow Airport and Eurostar.
Facebook especially have become the example of poor data management, and in the UK the ICO have demonstrated their stand and authority over the carelessness of data by fining the maximum amount allowed under the Data Protection Act.
Another recent ICO investigation and fine has been handed to Bupa for ‘systemic data protection failures’.
During a 3 month period in 2017 a Bupa employee was able to bulk extract personal information from the Bupa Global CRM and offer it for sale on the dark web.
The investigation found that Bupa did not routinely monitor their CRM’s activity log and was unable to detect unusual activity such as bulk extractions of data from this system, the ICO also discovered failures in Bupa’s technical and organisational measures leaving 1.5 million records at risk for a long time.
The point is very clear. If you have maybe looked into GDPR and dismissed it as an unnecessary inconvenience, then there could be serious trouble heading your way.
Many countries are now developing their own additional laws, which are modelled after the GDPR and intended to implemented the underlying principles, which are primarily there to protect personal data.
The GDPR is here to stay.
Managing data on a daily basis may seem like a daunting task. Identifying what data is held and keeping track of its movements could take up time and resources that are not available. However GDPR compliance does not need to be this way.
Data management can be integrated into daily activities with software designed to remember the data you have long forgotten about.
Find out more www.i-comply-gdpr.com