There is a long-held belief that prevention is better than cure, so why are so many businesses still falling short of the GDPR requirements?
Next month will mark the one-year anniversary of the GDPR's implementation, but even before 25th May 2018 we were bombarded with information about the upcoming changes to data protection regulations, accompanied by warnings about the increased fining power afforded to the ICO.
According to a Hiscox survey amongst SMEs, over a third still do not know who the GDPR affects. In addition, a further 10% of SMEs don’t think that consumers have any new rights following the introduction of the GDPR.
The survey also revealed that many SMEs were unaware of the potential fines for breaching GDPR, which could be up to £17m or 4% of annual global turnover.
Despite all of the information available, many are still not ready, and if you are an SME yet to face this task, it is reassuring to know that you are not alone.
In fact, the Information Commissioner's Office (ICO) itself seems to be struggling as well!
A Freedom of Information request, published on WhatDoTheyKnow, asked the ICO for a copy of its Privacy Notice containing information about the use of the personal data of staff. On 5th April 2019, the ICO responded to this request with the following:
"I can confirm we do not currently hold the information you have requested. The privacy notice for ICO employees is currently under construction. Therefore we are unable to provide you with the information you are seeking access to."
This does not mean, however, that businesses should ignore their own GDPR responsibilities. There has been a period of settling in to the new regulation, but the ICO has shown its commitment to protecting personal data in recent high-profile cases. No matter how big or small your company is, ignoring the GDPR could have very severe consequences, and if the worst should happen, rebuilding trust will be an enormous and potentially futile task.
Now is the time to revisit your GDPR information and get compliant, before it is too late.
Managing your data, and even knowing where to start, can be very difficult. A software tool like IComply is designed to make this process much easier, and will aid not only your initial set-up but your ongoing compliance as well.
- Data asset register, so you know what type of data you hold and where it is.
- Reminders and tasks to keep you on track with your policies.
- Ticketing system to manage everything including subject access requests.
- A full audit trail just in case you need it.