…Another Year Older And Deeper In Data.
12 months on. How is your Data Privacy Management coming along?
With apologies to Johnny Cash for mangling his song lyrics.
As I write this today, it’s nearly 12 months since GDPR came into force. Of course here in the UK it forms part of the Data Protection Act 2018.
You are probably one of the following:
One year on and we have seen many significant breaches involving personal data. Airlines, hotel chains, social media behemoths and the like, have exposed our personal data to hackers, thieves, ignorance and arrogance. Even now, nobody is really sure what “compliance” really looks like. In reality, data privacy management is either working for you or it’s not.
From the point of view of your organisation, have you noticed any changes?
Many have reported an increase in Data Subject Access Requests. Private individuals are becoming a lot more savvy about their rights and their personal data. Some businesses still aren’t up to speed with their responsibilities.
Yet we still haven’t seen much in the way of enforcement by the regulators (the ICO in the UK). Although we’re led to believe it’s coming, it looks as though it will focus on large organisations, involving data breaches so large they feel unrealistic to the rest of us.
Back to reality. How is your business getting on with data privacy?
Hopefully you will have moved on from thinking about it in terms of those fines. And you now understand that if anyone tries to sell you GDPR related products or services on the basis that if you don’t buy them you face the prospect of a business-killer penalty, you run a mile from them.
In the real world, you want to use privacy management for the business benefits it offers: Building transparency and trust to help your business attract and keep both customers and skills, for example.
However one year on and you may be experiencing a problem reported by many businesses.
The GDPR knowledge in which you invested so heavily last year has a shelf life.
People move on, systems change. Yet your responsibilities are still the same. The people who championed your efforts and made sure it was all working may no longer be there. If you’re not managing the situation carefully and regularly, are you risking becoming another year older and deeper in data?