Infographic: GDPR – A Year On
Wed, 15 May 2019 09:43
This time last year, many of us were occupied with ensuring that our organisations and employees were fully aware of the General Data Protection Regulation (GDPR). We were busy assessing existing processes and procedures, sending customers information notices and ensuring that personal data and customer information were stored securely.
But in the past year, a number of high-profile personal data breaches have come to light. The Information Commissioner's Office (ICO) revealed that businesses were still failing to comply with the basic ethos of the GDPR, i.e. securing and handling personal data responsibly.
Furthermore, businesses were also found to be failing to follow basic procedures when addressing personal data breaches, including failure to inform those whose personal data was compromised.
Where They Fell Short?
Investigations from the ICO revealed that businesses were in breach of one or more of the following:
- Allowing access to user information without sufficient consent
- Failing to secure personal data from illegal use, e.g. by hackers
- Taking inadequate measures to encrypt data on portable devices
- Failing to disclose to users that their personal information was passed to third parties for direct marketing purposes
- Retaining data for longer than necessary and leaving it vulnerable to unauthorised access
- Taking inadequate remedial action once the misuse of data was discovered
- Failing to inform customers whose data was compromised
Lessons to Learn
GDPR awareness training is the best way to ensure that your employees are equipped with the knowledge they need to feel confident while processing and storing data in line with GDPR directives. Make sure you and your employees are aware of:
- GDPR legislation about using, processing, and storing data
- What the seven data protection principles are and what they mean
- Principle of privacy by design and default
- Categories of Personal Data – personal and sensitive
- Informed consent
- Response to a data breach
- Awareness of protecting data whilst using social media, cloud-based apps, DVDs, and other digital devices
On the first anniversary of the GDPR, we look back at the biggest fines issued by the ICO. We also look at stats on the number of personal data breaches and the common causes of breaches.