15th May 2019
The 25th of May marks one year since the European Union’s General Data Protection Regulation (GDPR) came into effect. The run-up to GDPR felt huge, with some companies going into full panic mode trying to work out what they would need to do in order to be compliant. One year on, the hype seems to have died down and we hear less and less about it. So, what have we learnt over the past year, and have companies got to grips with compliance requirements for data collection and processing?
Has it actually worked?
According to the 2019 Cyber Security Breaches Survey by the UK’s Department for Digital, Culture, Media and Sport, the number of breaches has fallen to 32%, down from 43% the previous year. The government has said that these results are due to the increase in cyber-security awareness driven by GDPR.
However, it isn’t all positive.
GDPR has led to a significant increase in the number of personal data breaches reported to the ICO. In December the ICO reported that the number of complaints from the public had increased from 9,000 to 19,000 in a comparable six-month period. This has significantly increased the ICO's workload: with many more reports to filter through, it is processing complaints well after they are filed.
Sanctions for failing to comply with the GDPR requirements include fines of up to 10 million euros or up to 2 percent of the total worldwide annual turnover, whichever is higher. A couple of months ago a European Commission report showed that there had been 60,000 reported breaches since GDPR came into effect. 91 fines have been issued, one of which was a 50 million fine against Google. Most of the other fines were around the 5000 euro mark. Germany accounted for the bulk of the fines, with 60 issued to companies there. Because of the number of reported breaches, many are still to be reviewed, so we expect to see more fines being issued soon.
Are companies still not getting to grips with GDPR?
Even though the hype around GDPR has died down, companies still need to keep the momentum going and make sure they continue to comply. According to Dell Technologies Research, 31% of business leaders do not trust their own organisation to effectively comply with GDPR. For micro and SME businesses, GDPR can be particularly difficult to manage. IRIS FMP has developed a simple, cost-effective GDPR HR toolkit to help smaller UK businesses, and international companies making their first foray into Europe, start to comply with GDPR.