GDPR: One Year On
Posted on Wednesday, May 29, 2019 by Venn Group — No comments
It’s exactly a year this week since GDPR came into effect; a landmark in human rights legislation but also a big compliance challenge for companies of all sectors and sizes.
The new Data Protection law aims to give each of us a clearer picture of how any of the organisations that we deal with use our personal data, and to give each of us more direct control over it. UK Information Commissioner Elizabeth Denham says the law aims simply to help firms make good standards of privacy the norm, “to help them get it right and enhance their reputations by earning people’s trust and confidence”. Unlike older data privacy laws, however, the new rules have teeth: the regulator “will not hesitate to act in the public’s best interests… (with) heavy fines for serious breaches reflecting just how important personal data is in a 21st century world”.
As with any new rule, the first year has seen a sharp initial rise in “notified data breaches” (reports of personal data being carelessly or dishonestly released). In the UK alone, more than 14,000 breaches have been reported since GDPR came into force, although the regulator has only found 29 cases of behaviour bad enough to need high-profile enforcement action.
Europe-wide, the Netherlands, Germany and the UK have reported more than half of all breaches, with 60,000 events reported in the first nine months of GDPR. Among the more dramatic headlines, you may recall the French data commissioner’s €50 million fine against Google for failing to be transparent, to inform users adequately, and or to ask properly for their consent. This huge fine was deliberately a “landmark moment” by enforcers, designed to highlight how some firms chase profits by dishonestly grabbing and combining items of personal information. The regulator’s message: it has never been more important to keep personal data secure against misuse.
At Venn Group we have always understood that keeping the trust of our clients and candidates is crucial, as handling personal information is a vital part of our everyday work. Candidates trust our reputation for representing them responsibly, including keeping their personal details secure. Since GDPR came in, we have made sure that:
- each and every person that works here knows their legal responsibilities through dedicated training on GDPR (with new joiners inducted quickly);
- we regularly clean our databases to purge out-of-date entries;
- our registration forms and contracts are GDPR-friendly;
- personal data is safely kept behind our certified Cyber Essentials firewall;
- we respond quickly and positively to requests from people who want to test their rights of access under the law.
If you have any questions relating to GDPR, please email us at firstname.lastname@example.org.