Last May saw the biggest change to the data protection landscape in decades with the introduction of the GDPR and the Data Protection Act 2018. One year on and the ICO has released an update to share its thoughts and learnings from the past 12 months. It acknowledges that although many organisations have spent a considerable amount of time and resource in preparing for the GDPR, compliance is an ongoing battle and the focus for the next year will be around accountability, and ensuring organisations take responsibility for how and why they process personal data.
Breach handling and managing requests and complaints from data subjects are clearly some of the biggest challenges organisations face. In the past year, 14,000 data breaches were reported to the ICO and 41,000 complaints were made by the public (38% of which related to the handling of subject access requests). The health sector accounted for 16% of personal data breaches reported to the ICO and 7% of complaints, and local government accounted for 8% of personal data breaches reported and 9% of complaints.
Although no fines have been levied by the ICO under the new legislation, it is only a matter of time, and with Brexit looming and further updates and guidance from the ICO due in the next few months, the data protection landscape is likely to continue to shift and develop.
For advice or assistance around data protection, Bevan Brittan’s specialist Information Law team would be happy to help.