Supporting the Public
The first year of GDPR (General Data Protection Regulation) has helped people realise the potential risk to their personal data. It has created a greater awareness of laws, particularly those surrounding the rights that individuals have. There is also a greater awareness of the role of regulators when rights are not respected. This increase in awareness is vital for GDPR to be effective and become embedded in company culture, affecting the way that personal data is handled.
Research has found that in July 2018, one in three people, or 34%, stated they had high levels of trust in organisations and companies that used and stored their personal data. This is a significant increase from 24% in 2017. A survey of Data Protection Officers by the Information Commissioner’s Office (ICO) found that 4% of them agreed or strongly agreed that they had seen an increase in service users and customers exercising their information rights since March 2018. It is important to note that these figures have been rounded to the nearest whole number.
The Your Data Matters campaign by the ICO has supported this increase in awareness. The purpose of the campaign was to increase awareness of the new enhanced data protection rights that individuals have through the introduction of GDPR. It highlighted how these rights can be exercised and promoted online guidance products. The campaign led to a 32% increase in people visiting the websites that have these products.
There are a lot of public-facing services that have worked to help the public become more aware of their rights. There are also many tools which have been developed for companies to help explain the new laws and rights. A significant number of investigations have been launched to address some of the more opaque processing of personal data to ensure that the public is aware of what is happening.
Data Protection Officers
The push to ensure that everything was ready for GDPR led companies and organisations to make serious changes. They had to determine the legal basis for their collection of personal data, inventory the data they held and examine how this data was used in their business while refreshing their consents. The increased engagement and understanding of the responsibilities they had was reflected in the engagement the ICO had with businesses, individuals and other organisations.
The helpline, written advice service and live chat run by the ICO received over 470,000 contacts between 2018 and 2019. This was an increase of 66% compared to the previous year. In larger organisations the introduction of GDPR placed more responsibilities on Data Protection Officers (DPOs) and brought an ongoing challenge to normalise the new regulations.
A survey conducted by the ICO among DPOs found that the majority feel they have received great support from others in their organisation. One of the biggest issues for implementing the new regulation was the importance of culture, and it is encouraging to find that almost two thirds of respondents are satisfied with the support they get from leadership. More than 90% of the respondents also had an accountability framework in place. Another 61% stated that the framework was well understood by the people in their organisation.
This shows clear positive steps taken throughout the past year. However, it is key that this momentum is maintained. There is still a long way to go until GDPR is embedded and the impact of the new legislation is fully understood.
The ICO has recognised that, beyond the DPO community usually present in large organisations, it has not been easy for small businesses to become compliant with GDPR. They may not be able to justify appointing a DPO but can instead turn to experts like Trident Assurance Services to guide them through the necessary changes. The legal basis for data auditing, processing and privacy policies take time to understand and there are no quick fixes to ensure that data is being processed legally. Sole traders find this particularly difficult.
Fortunately, the ICO has taken steps to help this community understand their responsibilities and meet them. A suite of resources has been provided along with support and guidance on their website. All of this has been tailored to the needs of small organisations, businesses and sole traders. The suite includes podcasts, FAQs, checklists and toolkits which can be used to ensure GDPR compliance.