Importance of ensuring continued compliance with GDPR
Employers are again reminded of the tough stance taken by the ICO, the UK’s data regulator, following the introduction of new EU data protection laws last year.
The head of the ICO, Elizabeth Denham, has urged organisations to face up to the challenge presented by compliance with GDPR and to move beyond baseline compliance to accountability. Denham recommends evidenced understanding of the risks to individuals in the way they process data, and focused attention on how to mitigate those risks.
The ICO has shown that it is not afraid to impose fines. In the last month alone, the ICO has given notice to British Airways that it faces a fine of £184m after personal data of some 500,000 customers was harvested by cyber criminals, and to Marriott International that it intends to fine it more than £99m after a variety of personal data contained in approximately 339 million guest records globally were exposed by a cyber incident in 2018.
A London estate agency has also been fined £80,000 for leaving 18,610 customers' personal data exposed for almost two years.
Other data breaches that have been reported to the ICO without currently action being taken include the Legal Ombudsman which revealed the email addresses of 300 recipients in the address bar by mistake and the Home Office, in which an 'administrative error' caused 240 personal email addresses to be revealed in a group email.
Employers are reminded to routinely check policies and procedures and ensure staff training is regular and updated for new staff. Reporting any breaches no matter how minor should be routine for staff and employers should be confident that all staff understand the importance of this. Employers should be cultivating an open culture where staff feel able to report mistakes. Employers should also make sure that they understand the circumstances in which they are required to conduct Data Protection Impact Assessments.
Posted on 6 August, 2019 by Ortolan