Image showing EU flag, a device and a padlock representing data protectionSupporting the Public

During the first year of GDPR (General Data Protection Regulation), people realised the potential risk to their personal data. A greater awareness of the law developed, particularly regarding the rights of individuals, along with an awareness of the role of a regulator regarding the issue of rights being respected. According to research performed in July 2018, approximately one in every three people reported increased confidence and trust in organisations using and storing their personal data. This is a significant increase from the 21% reported in a 2017 survey. The Information Commissioner’s Office (ICO) surveyed Data Protection Officers in March with 64% stating that they either agreed or strongly agreed that customers and service users are increasingly exercising their information rights since May of 2018. It is important to note that the figures mentioned above are rounded to the nearest whole number.

The increase in awareness was also promoted by the use of the Your Data Matters campaign. The campaign aimed to raise awareness of the data protection rights of individuals under GDPR. This would highlight how individuals can exercise their rights and promote the availability of our company’s online guidance products. The Your Data Matters campaign resulted in over 2.5 million people accessing the website – an increase in excess of 32%.

According to the survey, service users and clients are increasingly exercising information rights since 25th May 2018. Based on this statistic, our company has been working to support the public completely. One method is through direct public-facing services being expanded, but the service also offers organisations tools available to explain the laws. We have launched a series of investigations to address and highlight the vague or invisible processing of personal data; therefore, the public remains aware of how their personal data is being utilised.

Data Protection Officers (DPOs)

Simultaneously, the push to be prepared for GDPR required companies to make significant alterations in their operation. This change determined the legal basis on which they collect a client’s personal information, how they inventory the personal data, how the data is being used in the supply chain, as well as how the consents are reconfirmed. The engagement and understanding of responsibilities and rights in the new situation was reflected in the nature of our contact with different companies, organisations and individuals. According to the ICO, helpline, written advice services and live chats received during 2018/2019, an increase of 66% was seen. Among larger businesses, GDPR  caused an increase in responsibility for DPOs.

When the DPOs where surveyed by the ICO as a feature of the DPPC 2019, the results indicated that most of the DPOs believed they were receiving more support from their organisation. The significance of work culture was considered to be one of the greatest issues when implementing GDPR; therefore, it is important that at least two thirds of all the respondents were encouraged to engage with their senior leadership on the subject. The majority of DPOs provided an accountability framework with approximately 61% stating that the company understood the significance of the framework. Overall, three quarters of the DPOs stated the information rights messages were reaching the senior leadership teams, and this was necessary to support an effective framework within their organisation. Clearly, this is positive progress; however, it is only through maintaining momentum that progress will continue. There remains a long way to go before GDPR is fully embedded and the new legislation is completely understood.

Small-medium Enterprises

Looking beyond the organisations who can afford DPOs, the ICO recognises that it is not as easy for smaller companies to become GDPR compliant. But these smaller enterprises can take advantage of external, expert help from assurance services. It takes time to fully understand data auditing, legal processes and privacy policies, and there are no “quick fixes” to ensure a person’s personal information is processed legally. It is for this reason that operating as a sole trader is particularly complicated. To assist the sole traders in understanding responsibilities, our company offers a plethora of support, resources and guidance on our website.