Today it’s one year exactly since GDPR came into force in the UK and after the initial fanfare, for most of us life returned to normal and not much has changed. Or has it?
There definitely seems to be less attention on GDPR. However, just because it hasn’t had the press coverage afforded to the topic this time last year, don’t let this lull you into a false sense of security. The regulations are still as important as they were a year ago and it really wasn’t just a storm in a teacup.
By the nature of GDPR’s jurisdiction, prosecutions and enforcement cases are not settled quickly, and this is one of the reasons that you may not have heard of many cases of GDPR violations other than the high-profile data breach cases that the media, correctly, highlighted.
Facebook were fined £400,000 for failure to sufficiently protect the privacy of its users and unlawful processing of the data. Uber were fined £385,000 for insufficiently protecting the personal information of 2.7 million of its UK users during a cyber attack, and Leave UK were fined for serious breaches of electronic marketing laws. So, fine, GDPR is still here but they’re still interested in the big boys, yes?
Unfortunately, no. Smaller businesses are still at risk of prosecution. The Information Commissioner’s Office (ICO) is busy enforcing data protection legislation regardless of size or notoriety. Examples of fines issued by the ICO over the past year include:
- to a Kent pensions company for sending out nearly 2 million marketing emails without consent
- to a funeral company for making unlawful marketing calls
- to Bounty (UK) for sharing personal information without making it clear to the data subjects that they may be doing this
- to a window company for making 55,000 marketing calls to people who had registered with the Telephone Preference System (TPS)
The ICO has also begun formal enforcement procedures with 34 organisations that have failed to pay the data protection fee. Recently, they issued their first fines in relation to failing to register, including a £4,500 fine to a business in Telford (the average fee is around £60 per year).
GDPR compliance is still very much on their radar. The ICO has been supportive of giving businesses the time to adjust to the new regulations, particularly smaller businesses, and experts in the industry are anticipating increased enforcement activity by the ICO in GDPR’s second year.
To mark the first anniversary of GDPR we will be publishing a series of helpful posts over the next week to support small business owners.
To kick start our GDPR week here are two steps you can take to remind yourself of your data protection responsibilities:
Download our ‘GDPR compliance in 10 Easy Steps’.
We will be covering each of the main steps during the week so it will be useful to have the pack in front of you. You can download it here.
Visit the ICO website
And complete their registration self-assessment to see if you need to register and pay the data protection fee. Click here.
If you have any specific questions about your business, give us a call and we’ll be happy to chat to you and suggest ideas or point you in the right direction.
See you Monday!
As always, please note: we are not lawyers or GDPR experts and we provide advice to the best of our knowledge based on the current information available and without prejudice. GDPR remains the ultimate responsibility of the business owner and we encourage you to always do your own research.