GDPR has landed – so what now?
Simon Palmer takes a look at the data privacy landscape post 25 May
The day that every business was dreading finally arrived; data protection ‘D-Day’ came and went on Friday 25 May and, despite the GDPR hype hitting inboxes across the country, the world didn’t come to an end.
Now that the deadline has passed we can take a look at the impact of the changes so far and consider what will change for businesses in the next few months.
There has already been a flurry of data released which makes some interesting reading, including:
- Research conducted by the Chartered Institute of Marketing (CIM) highlights that, of the consumers polled, 48% still lacked an understanding of how organisations use their personal data. This is an increase from 31% when the same research was conducted two years ago.
- Only 41% of individuals polled are aware of the new regulations, demonstrating that despite the hype there is still a lack of understanding of what the new regulations mean for people, and what their rights now are.
- Looking at businesses themselves, research commissioned by Cybersecurity Insiders found that only 7% of those surveyed confirmed that they were fully compliant in time for the deadline. Of the consumers surveyed, 25% admitted having no or limited knowledge of the new law. (The full report from Alert Logic is available at https://tinyurl.com/ycacy4aq.)
So despite the pre-deadline hype and activity it seems that there is still a way to go to get the legislation fully implemented and understood.
Large brands the first GDPR targets
It was probably inevitable that major brands would be among the first targets for the regulators, and within hours of the deadline Facebook, Instagram, Google and WhatsApp became the first brands to hit the headlines.
European consumer rights organisation Noyb has filed a complaint against these organisations citing that their new terms of service do not comply with GDPR, as they did not allow users to consent freely. If the complaint proceeds, it could result in fines of more than £3bn.
Certainly, articles in the press about the size of potential fines struck fear into the small business community who would be unable to pay the level of fines being discussed.
However, Elizabeth Denham, the Information Commissioner, has confirmed that small businesses that did not make extensive use of customer data would not come under close scrutiny.
She was also keen to make it clear that the ICO is not on the hunt to persecute any misdemeanour with regard to the new regulations.
Does it mean small businesses are off the hook? No, but it should relieve concern: as long as businesses are taking steps to protect the data they hold, the ICO will be sympathetic towards them. It is organisations that are ignorant of, or deliberately disregarding, data protection that need to be wary.
It is clear that there is still a way to go for businesses and consumers alike to get to grips fully with the changes and there are certainly likely to be further high-profile stories hitting the headlines over the forthcoming months.
The GDPR will continue to evolve, with another set of regulations on the horizon in the form of the updated Privacy and Electronic Communications Regulations (PECR), so data protection is going to be a hot topic for a considerable time to come.
PECR sits alongside GDPR and governs e-privacy rules. No official news has yet been circulated explaining how PECR could be updated following GDPR.
It’s not just a marketing issue
The focus in the run-up to 25 May was very much on the handling of marketing data, with consent emails landing in inboxes across the country by the thousands. However, what shouldn’t be forgotten is that GDPR covers more than just the personal data held by a business on its customers. Employee data falls within the regulations too, something that many businesses appear to have missed. Storing and sending salary and other personal information on employees (including payslips) needs to fully comply with the legislation, and employees need to be communicated with and consent obtained.
At Qtac our new online portal has been designed specifically for this purpose. It enables businesses to securely manage and share their payroll data between the business, their payroll provider and employees. For a free demonstration call 0117 935 3500
- Simon Palmer is Sales and Marketing Director at Qtac Payroll
Accounting Practice Online is part of the ICPA, which is an organisation designed to provide support and guidance for accountants in practice.