GDPR One Year Later

Home Improve Article

Supporting The Public

During the initial year of GDPR, people have begun to truly realise the potential that their personal data holds. There is increased awareness of the law, especially the data rights that individuals have, and a higher awareness of the role that the regulator plays when rights are not respected.

In July 2018, research was conducted that found that one in three (34%) individuals have high confidence and trust in organisations and companies that store and use their personal information. This is a significant increase from the 21% who said this in 2017. DPOs were surveyed by the ICO in March, with 64% stating that they either strongly agreed or agreed with the statement that they had seen an increase in service users and customers who since 25 May 2018 had exercised their information rights.

Note: Those figures have been rounded to the nearest whole number. The Your Data Matters ICO campaign has supported the increase in awareness. The aim of the campaign has been to increase the awareness of the improved data protection rights that people now have under the GDPR and to highlight how individuals can exercise those rights and promotes our online guidance products that are available. The campaign has resulted in a 32% (more than 2.5 million) increase in people accessing our website.

Throughout this time we have worked to support the public. That might have been directed through one of our numerous expanded public facing services or via an organisation that uses one of the many tools that we have made available to both large and small companies to explain the new rights and laws. In addition, we have launched numerous investigations in other to address and highlight otherwise invisible or opaque processing of personal information to make the public aware of the way their data is being used currently.

Data Protection Officers

Organisations were also promoted to make significant changes in order to be prepared for the GDPR. They needed to determine the legal basis they were collecting personal data under, take an inventory of the data they were holding, examine how they were using data with their supply chains and renewed their consents.

The heightened understanding and engagement of the responsibilities and rights in the new regime are reflected in the nature and volume of our engagement and contact with individuals, organisations, and businesses. The ICO written advice services, live chat, and helpline have received more than 470,000 contacts in 2018-19, which a 66% increase over 2017-18. The GDPR in larger organisations has placed significant responsibility on DPOs, that brings with it the ongoing challenge of new regulations being normalised.

When DPOs were surveyed by the ICO as part of its DPPC 2019, it was shown in the responses that most DPS felt they received excellent support from with their organisations. Culture was considered to be one of the most important and largest issues in implementing GDPR, so it has been encouraging to see that two-thirds of all respondents at least were satisfied with their support from senior leadership.

Over 90% of DPOs have an accountability framework put in place with 60% reporting that with their organisations that the framework is well understood. Overall, 75% of DPOs have stated that their information rights message has been getting through to the senior leadership team. They have also felt supported to develop a framework for embedding those rights within their organisations.

This is clearly positive progress in less than one year, but it will be key to maintain momentum. There is still a very long way to go towards completely embedding the GDPR and fully understanding the new legislation’s impact.

SMEs

The ICO recognises, beyond the DPO community, that for many small organisations it has not been easy for them to become GDPR compliant. It takes some time to understand privacy policies, data auditing, and processing, and there are no quick fixes to ensure that people’s personal data is legally being processed. And that’s where an organisation such as Trident Assurance Services can be really useful in helping businesses to understand exactly how to become compliant.

It has been especially difficult for sole traders. To help this critical community understand what their responsibilities are, they have been provided with an entire range of guidance, support, and resources on the website that is tailored to the small organisation and sole trader needs, including FAQs, podcasts, checklists, and toolkits.