One Year On And What Do You Get? - On Data Privacy



…Another Year Older And Deeper In Data.

12 months on.  How is your Data Privacy Management coming along?

With apologies to Johnny Cash for mangling his song lyrics.

As I write this today, it’s nearly 12 months since GDPR came into force.  Of course, here in the UK it forms part of the Data Protection Act 2018.

How Is Your Data Privacy Management Coming Along?

You are probably one of the following:

  • You think you are “compliant”.
  • You know you’re not “compliant” but you’re working on it.
  • You think it’s all been a waste of time.
  • You haven’t started yet.
  • You tried but it all got too confusing.
  • You’re making a lot of effort and it’s proving worthwhile.
  • You made an effort but you now have other priorities.
  • It’s not.

One year on and we have seen many significant breaches involving personal data.  Airlines, hotel chains, social media behemoths and the like have exposed our personal data to hackers, thieves, ignorance and arrogance.  Even now, nobody is really sure what “compliance” looks like.  In reality, data privacy management is either working for you or it’s not.

From the point of view of your organisation, have you noticed any changes?

Many have reported an increase in Data Subject Access Requests.  Private individuals are becoming a lot more savvy about their rights and their personal data.  Some businesses still aren’t up to speed with their responsibilities.

Yet we still haven’t seen much in the way of enforcement by the regulators (the ICO in the UK).  Although we’re led to believe it’s coming, it looks as though it will focus on large organisations, involving data breaches so large they feel unrealistic to the rest of us.

Back Down To Earth

Back to reality.  How is your business getting on with data privacy?

Hopefully you will have moved on from thinking about it in terms of those fines.  And you now understand that if anyone tries to sell you GDPR-related products or services on the basis that you face a business-killer penalty if you don’t buy them, you run a mile from them.

In the real world, you want to use privacy management for the business benefits it offers: building transparency and trust to help your business attract and keep both customers and skills, for example.

However, one year on, you may be experiencing a problem reported by many businesses.

The GDPR knowledge in which you invested so heavily last year has a shelf life.

People move on, systems change.  Yet your responsibilities are still the same.  The people who championed your efforts and made sure it was all working may no longer be there.  If you’re not managing the situation carefully and regularly, are you risking becoming another year older and deeper in data?