GDPR A year on...

 25th Jun 2019

2018 can be summed up with four letters: GDPR:

‘On May 25th 2018 the General Data Protection Regulation (GDPR) - a new Europe wide data protection regulation comes into place. Please leave your details below if you still want to opt in to our emails, marketing and calls’.

In the months prior to the introduction of GDPR there was a flurry of emails from businesses in order to receive consent to retain customer’s data. A year on – has anything changed? Did GDPR actually prompt businesses to make significant changes to the security of sensitive data?

The introduction of GDPR  set out to ensure that everyone is accountable for how they use, protect and share data. However, adapting to the new rules has been a challenge for some. There has been a significant increase in the number of breaches reported- however it has resulted in few fines.  A notable example of a fine as a result of a data breach was received by Facebook for their role in the Cambridge Analytica Scandal where the information of 87 million Facebook users was improperly shared with the political consultancy through a quiz that collected data from participants and their friends.

Under the GDPR, the principle of accountability becomes more important. Your organisation is not only required to adhere to the principles set out in the GDPR, but must also demonstrate compliance. Despite the speed with which companies have scrambled to prepare for GDPR, data governance is a marathon not a sprint. Successful privacy programs are maintained and continuously improved over time.