The long-awaited, often-discussed and much-feared introduction of the General Data Protection Regulation was something of an anticlimax when it finally arrived, wasn’t it? Had it not been for a flurry of emails asking you to opt in to continue receiving e-marketing and websites informing you of updated privacy policies, you probably wouldn’t have noticed a thing.
However, for businesses and organisations, preparations had been under way for several months (or longer) – and the issues of responsible data protection will remain front and centre from now on.
And, according to the Information Commissioner’s Office (ICO), which regulates GDPR in the UK, the heightened awareness about data protection took effect even before the May 25 deadline, with an increase in reports of alleged breaches in the months leading up to the implementation date.
In its quarterly report, the ICO has revealed there was a 17% rise in reported data security incidents between January and March this year compared with the previous quarter, thanks, it believes, to a wave of publicity and discussion around data protection.
Among the companies to feel the wrath of the ICO was Carphone Warehouse, which received a £400,000 fine after serious failures put customer and employee data at risk. The company’s failure to secure a computer system allowed unauthorised access to the personal data of over three million customers and 1,000 employees.
Meanwhile, the last quarter saw the first rise in cybersecurity incidents (97 in total) since quarter four of 2016/17 (January – March 2017).
According to the ICO, general business, education and local government were once again the sectors with the most reported data protection incidents. The education sector saw a rise of 32%, while charities reported a 69% increase in incidents.
Elsewhere, there was a 21% increase in reported health data breaches in quarter four – this follows a 22% rise from quarter two to quarter three.
What is GDPR?
GDPR came into effect in May and impacts on how businesses process and handle data. The regulation, which replaced the previous 1995 data protection directive, has been designed to better legislate for the digital age in which we live.
GDPR aims to put the consumer in the driving seat and sets the bar for how businesses look after the personal data of customers and staff – with tougher penalties for those who break the rules.
How can Gotelee help?
If you would like advice on how to understand GDPR or how it affects your business, our data protection experts can help. We can advise you on the changes your organisation needs to make to ensure you are compliant with the new regulations and help you educate your staff on their responsibilities.
To find out more, call Victoria Spellman on 01473 298181 or email [email protected]