Fines for non-compliance - is your business at risk?
Obligation to pay ICO’s Registration Fee
How are organisations faring on GDPR compliance?
- Monitoring the internal performance of data protection standards was poor, with about 25% of respondents having no programmes in place to conduct self-assessments and/or internal audits.
- While there was a generally high proportion of organisations providing initial training to staff, there was often a failure to provide refresher training to existing staff.
- Organisations that follow good practice have monitoring programmes in place, including annual audits or reviews and/or regular self-assessments.
- However, nearly half of the respondent organisations did not keep adequate records of all data security incidents and breaches, with a number reporting that they had no processes in place to deal with data security incidents.
- Only 67% of organisations who provided a response said that they conduct regular self-assessments or audits of internal data protection standards and practices, and only 67% indicated that they maintain inventories of personal data held.
How can organisations demonstrate that they remain compliant?
- Taking GDPR compliance to the heart of the organisation, with management taking responsibility.
- Understanding the organisation's obligations when processing personal data, and how those obligations affect the organisation itself.
- Knowing what data is held, who it relates to and how it is held and shared (and checking this at least annually – and recording those checks).
- Only processing data in accordance with a lawful basis and the GDPR (including when dealing with third parties).
- Remaining transparent and informing individuals of what personal data is held about them, why and what is done with that data.
- Having systems and policies in place (including technical measures such as security) to deal with how and what data is processed (and keeping this under regular review).
- Recording decisions made about how data is processed.
- Regular training (and refresher training) and monitoring of staff, to remind them of their obligations and test their compliance.
- Acting swiftly to protect individuals’ rights over their personal information (including dealing with requests for information and dealing correctly with breaches).
- Testing and auditing data protection measures and using audit results and metrics to demonstrate compliance.