Ten months ago everyone breathed a hefty sigh of relief when GDPR finally came to fruition and the world didn’t end. However, it seems that organisations may have been lured into a false sense of security. GDPR compliance was just the first hurdle. The next phase is that organisations must be able to demonstrate their compliance.
The Information Commissioner, speaking at the Data Protection Practitioner’s Conference, said: “Accountability encapsulates everything GDPR is about. It enshrines in law an onus on companies to understand the risks that they create for others with their data processing, and to mitigate those risks. It formalises the move of our profession away from box ticking or even records of processing, and instead seeing data protection as something that is part of the cultural and business fabric of an organisation. And it reflects that people increasingly demand to be shown how their data is being used, and how it’s being looked after. But I’ll be honest, I don’t see that change in practice yet. I don’t see it in the breaches reported to the ICO. I don’t see it in the cases we investigate, or in the audits we carry out. And you know, that’s a problem. Because accountability is a legal requirement. It’s not optional.”
However, recent research by Redscan reveals that some organisations still see GDPR as ‘optional’. For instance, GDPR requires detected data breaches to be reported within 72 hours; however, the average reporting time was found to be 21 days, and almost a quarter of companies (21 per cent) admitted to failing to even report a breach.
As we approach the 12-month milestone since GDPR was introduced, what is clear from the ICO is that GDPR must become part of the fabric of an organisation. Lip service will not suffice. Today, compliance requires a refocus on comprehensive data protection and embedding sound data governance in all business processes.