The General Data Protection Regulation came into force in May 2018. The Information Commissioners’ Office (ICO) has published a report ‘GDPR one year on’ giving an overview of the ICO’s experience and sharing information and insights. Importantly for small businesses the report says what the ICO is doing to help SME’s to comply with these new legal responsibilities.
The GDPR was brought in across the EU to uphold the information rights of the public and to give them confidence about how personal information on them is held and used. This gave the public greater awareness of their individual rights, and as you can imagine, has led to a big increase in the number of reported data breaches, data concerns received and a doubling of Subject Access Requests (SAR). A SAR is made by an individual to ask for a copy of the personal data an organisation or business holds about them and an explanation of what their personal data is being used for.
For businesses the ICO will continue to update its guidance, but it will also be creating four statutory codes. They will be on Data Sharing, Direct Marketing, Age-Appropriate Design, Data Protection and Journalism. The first code will be on Data Sharing and it is expected to go before Parliament Autumn 2019.
Another way the ICO is helping SMEs in a practical way is by coming out and doing a one-day Advisory Visit. The Advisory Visit covers advice to organisations on how to improve data protection practice. Following the visit, the ICO will send a short follow up report. This costs nothing and the report summarises what you need to do next. Follow this link and scroll down to Advisory Visits https://ico.org.uk/for-organisations/audits/
And finally, here is a brief overview of some of the stats the ICO shared in their ‘GDPR one year on’ report.
14,000 personal data breach reports from 25 May 2019 to 1 May 2019. In the year from 1st April 2017 the number was 3,000. Only 0.5% of these led to either an improvement plan or civil monetary penalty.
Concerns raised by the public to the ICO. From 25 May 2019 to 1 May 2019 over 41,000 which is almost double the figure for 2017/2018 which was around 21,000.
Complaints about Subject Access Requests continue to be the most frequent kind of complaint accounting for 38% of all complaints the ICO received. However, this compares to 39% before GDPR. The ICO says that all complaints have risen proportionately in line with the overall increased number of complaints.
Here at All Payrolls we do so much more for our clients than simply providing outsourced payroll services. To find out more about our experience and what we offer to our clients as trusted professional business partners take a look around our website or contact our All Payrolls head office in Birmingham.