What happens after GDPR’s D-day? Why May 25th was only just the beginning…
Posted 6 years ago
The GDPR was adopted by the EU on 14th April 2016 – this was the starting pistol signalling the beginning of the great compliance race. From this date, organisations throughout the EU had two years – two whole years – to pretend that the regulations were nothing but a crazy dream and that everything was going to stay the same. That is, until the final months when they realised the GDPR was happening whether they were ready or not. This is why during the last few weeks you couldn’t even open a bottle of milk without pouring updated Privacy Policies all over your cereal.
But now that the May 25th deadline has passed and the GDPR is firmly in place, we can all breathe a sigh of relief. The nightmare is over…or is it?
Sadly not. May 25th was only the beginning: the beginning of an eternal era, an everlasting regime, a brand new epoch of data awareness from which we can never hope to escape.
Despite what people may think of the GDPR, it’s much more than an updated privacy policy and a few consent forms; it’s a whole new way of being, of thinking about, of using, of sharing, of interacting with, and of being responsible for people’s personal data – and this didn’t suddenly stop on May 25th. Now that you’ve made your organisation’s data protection bed, you have to lie in it.
Your privacy policy isn’t just a tick-box exercise; it’s your organisation’s new mantra – one which needs to be lived up to. You need to continue processing the data you hold, as well as any new data you acquire, fairly and transparently. You need to continually keep records of your data processing activities. You need to ask for consent from any new customers (assuming you rely on consent). You need to keep on top of the latest security trends, as hackers find new ways of circumventing the old safeguards. And you’ll always need to be hyper-aware of all the data your organisation holds at all times, taking particular care to get rid of it as soon as it has fulfilled its intended purpose.
Over half of all data breaches are caused by human error…
If you treat May 25th as the finish line, washing your hands of all things GDPR by the 26th, that’s when you risk landing your organisation with one of those brand new, massive fines – because they’re ongoing too. The GDPR is here to stay, so you’d better get used to it.
And not just you: everyone in your organisation needs to get used to it. A recent report by the Information Commissioner’s Office (ICO) – these are the guys who carry pitchforks and run the non-compliant out of town – found that over half of all data breaches were due to data being “disclosed in error”. Human error plays a huge role in data breaches, and that’s why it’s so vitally important that everyone is trained not only to understand the GDPR but to understand its importance and the importance of basic cyber essentials.
Again, the importance of training didn’t stop on May 25th; it continues and will continue for as long as the GDPR (or the Data Protection Act 2018 once Britain leaves the EU) reigns over our working lives.
GDPR & Cyber Security Training
In today’s world, GDPR and Cyber Security Training are absolutely essential for all staff who deal with data, regardless of how frequently they do so. No organisation should be risking a data breach when training is so readily available, cost-effective and engaging!
Get started today with a free, no-obligation trial and drastically minimise the chances of human error playing a part in non-compliance or a data breach!
James Kelly
Senior Scriptwriter