GDPR – What Have We Learned One Year On?


Last month marked exactly one year since GDPR was introduced, a regulation which made businesses think twice about how they handle and distribute data. But what have we learned since then?

Surprisingly, a recent research study conducted by ACCO Brands – Rexel to mark one year since GDPR was introduced suggests that businesses may still not be as GDPR-ready as they believe they are.

In fact, some highlights from their report indicate that:

30% of those asked believe that GDPR only applies to digital data and not written data.

75% have still yet to update their approach on physical data management and distribution.

65% confess that they haven’t purchased any new or updated paper shredding equipment even with GDPR legislation coming into full force.

53% of businesses in the survey claim they don’t use a shredder in the workplace or only have access to one.

52% are still unsure about the different shredding security levels available and how they relate to GDPR compliance.

Their findings are certainly alarming, and the consequences for infringing on GDPR legislation apply to everyone.

A good example of this is the news last year that Google was fined £44 million due to how the website used consumer data in order to provide targeted advertising.

So with ACCO Brands – Rexel’s survey making for some concerning reading on how businesses could be lapsing when it comes to meeting GDPR compliance, what do other important figures in the industry think about the current state of GDPR just one year on?

GDPR Still Needs to Become A Priority for Businesses

Speaking to the media outlet OPI, European Business Team Manager for Business Machines at Fellowes, Johan Hereijers, expresses how GDPR needs to be taken more seriously.

“GDPR should be a priority as we are all responsible to comply with the regulation.

Compliance doesn’t have to be overwhelming; it is easier to make small adjustments instead of big, immediate changes.”

Darryl Brunt, Country Head UK & Ireland, also of Fellowes, supports these comments whilst providing a stark warning to businesses that refuse to comply with the regulations. Speaking to Information Age, he commented:

“One in ten workers don’t know who is responsible for GDPR within their business, and the truth is, protecting confidential data is everyone’s responsibility.

It’s also troubling to see that almost one in five workers haven’t been given a concrete policy for handling GDPR.

This has to change, or businesses will pay the price.”

Both Paper and Digital Should Be Part of a GDPR Strategy

Martijn van der Werl, Interim Legal Counsel at KYOCERA Document Solutions Europe, was one of several key contributors to KYOCERA’s GDPR compliance guide launched early last year.

In an article featured in The Recycler magazine to promote the launch of KYOCERA’s guide to achieving document management, van der Werl stresses that both digital and paper data need to be considered when following the data regulations.

“If properly managed, both paper and digital files can co-exist within a GDPR strategy.

For paper-based data, labelling and filing is vitally important when it comes to the requirement to track down and destroy specific data.

Organisations need to be in a position to confidently demonstrate that they have erased all traces of personal data when the relevant request has been made.”

Many SMEs Still Struggling to Become Fully Compliant

One group that may be struggling to become fully compliant with GDPR regulations is small businesses and small business owners who, as Stephen Ridley, Lead Cyber Underwriter at Hiscox UK, explains, may be doing anything from very little to the bare minimum in order to adapt to the changes.

“I imagine that very few companies would have adequate and documented processes in place to ensure that they are able to comply with a subject access request (i.e. the requirement to provide a data subject with all of the personal data that is held on them within the 30-day period as stipulated by GDPR).

Failing to do so opens up the potential for regulatory actions by the ICO, and even a financial penalty.

These matters would fall into the lower fine bracket, with a maximum of £7.9m or 2% of global turnover – though fines at that level are likely to be reserved for the most severe breaches by large companies.”

What Have You Learned One Year on From GDPR?

Whilst the cases we’ve highlighted above seem to paint a picture of GDPR compliance still being an issue across the industry, we’d love to know what you’ve experienced a year on from the introduction of GDPR.

Have you, like some of the examples contained in this article, been struggling to comply with areas of GDPR?

Or has a year of the regulations being firmly in place meant you’ve been able to manage your data collection and data distribution more effectively and securely?

Leave us your thoughts in the comments below.

About Author

Sam Rose
