Posted on: 14/06/2019
Last month saw the first anniversary of the General Data Protection Regulation (GDPR) on the 25th of May, but what’s changed? How is GDPR one year on impacting businesses? GDPR is designed to give EU citizens more control over the information held about them online. The regulation impacts every company that handles personal data.
New research conducted by Infosecurity, organiser of Europe’s number one information security event, has found that organisations have not taken GDPR seriously enough and are still not compliant. Although very few penalties have been issued, reports of non-compliance have been on the rise. Research from Hiscox shows that complaints about online data breaches rose 160% during the six weeks after GDPR came into force.
Since GDPR came into force a year ago, fines throughout Europe have totalled over €55m, a large sum mostly made up of a €50m fine against Google. The fine was issued by France’s data protection office because Google broke the rules on forced consent for the use of data, a practice specifically prohibited by the regulation.
Small businesses are just as vulnerable as the largest companies in the world. The fines issued can be relative to the company’s earnings: 2% of the firm’s annual revenue or €10 million, whichever is higher. So, small businesses can suffer just as much, if not more.
According to the previously mentioned research from Hiscox, knowledge of the GDPR regulations among small business owners is still lacking. A significant 39% don’t know who GDPR affects, while nine in ten businesses don’t know the key new rights that GDPR gives consumers. Transparency is at the heart of GDPR, meaning small businesses need to be absolutely clear about what personal data they are collecting and what it will be used for. There needs to be a clear option for consumers to opt out, or to withdraw previously granted consent.
Ellenbrooke, a part of Exemplas, has been helping businesses to implement and maintain certified management systems for over 30 years. Ellenbrooke provides support for information security standards including ISO 27001, IASME, Cyber Essentials and GDPR Evaluation of Compliance. Through the one-day GDPR ‘evaluation of compliance’ visits, Ellenbrooke’s Certified GDPR Practitioner helps businesses to get a clear picture of the law and the compliance required, understand where the business’s risks lie in relation to the data it controls and/or processes, and make recommendations for any action required.