When GDPR was first introduced, as a team we sensed panic among our clients about potential penalties. Some put tactical plans in place and implemented policies and procedures in something of a rush. Most of them would not have been fully compliant even after putting these in place; as we witnessed through audits, there was still so much to do. Implementing GDPR by itself is not enough: GDPR compliance is a continuous process, and it needs to be audited frequently to understand what the organisation has achieved and where improvements still need to be made. Employers also need to embed GDPR into the way of working of every employee who deals with personal data.
Across Europe, nearly 60,000 breaches were reported during just the first eight months following implementation of the GDPR, and the Information Commissioner’s Office has released details of some of the enforcement action it has taken in relation to these breaches. The causes of these breaches include deliberate avoidance of data protection obligations, people not being aware of their responsibilities, and a simple failure to understand the seriousness of a breach.
Employers need to ensure that ongoing staff training is a priority in order to meet their data protection obligations. This applies not only to existing staff: training also needs to be delivered to new employees and to those who have been promoted, so that they understand the data protection implications of their new role and how the employer uses data.
The introduction of GDPR saw an immediate rise in data subject access requests (DSARs), due to increased awareness and the absence of any fee. Only a third of organisations currently comply with requests and fulfil DSARs within the legal timeframe of one calendar month from receipt of the request.
Subject access requests no longer need to be made in writing. Organisations should enable requests to be made by telephone, web form, social media or in person. Requests also do not have to use the term “data subject access request”; the request just has to make clear that the individual is seeking their own personal data. It is therefore vital that employees who have customer or client contact know how to recognise a DSAR and how to action it.
GDPR is a very complex piece of legislation and an area that will continue to evolve, especially in the current political climate. With this in mind, you should start thinking about whether your organisation is GDPR compliant.