It has been almost 5 years since the General Data Protection Regulation (GDPR) came into effect in the UK in May 2018.
Key developments and trends that emerged following the introduction of GDPR
- Brexit: UK businesses are now subject to the UKGDPR, which largely mirrors the EUGDPR.
- GDPR has resulted in high-profile fines for non-compliance, including a $50 million fine for Google and a $746 million fine against Amazon.
- Some businesses are required to appoint a Data Protection Officer under GDPR.
- Other jurisdictions, such as Brazil, California, and China, have now adopted similar data protection regulations.
- GDPR has increased litigation activity related to data protection.
- The European Data Protection Board was established to oversee GDPR implementation across the EU.
- GDPR imposes restrictions on the transfer of personal data without an adequacy decision.
- The International Data Transfer Agreement replaced Standard Contractual Clauses (SCC’s) used as a Data Transfer safeguard.
- GDPR has led to increased use of data protection tools, such as encryption and pseudonymization.
How to comply
- Review and update your privacy policies and procedures to ensure they comply with GDPR requirements.
- Implement appropriate technical and organizational measures to protect personal data.
- Appoint a DPO if required under GDPR.
- Train staff on GDPR compliance and ensure they are aware of their obligations.
- Conduct regular assessments of their compliance to GDPR.
- Notify individuals and authorities of any data breaches as required by GDPR.
TenIntelligence is a leading influence in the due diligence, fraud investigation, brand protection, and cyber security community. Reach out for Virtual Data Protection Officer (DPO) services that ensure your compliance.
Written by
Lynsey Hanson | Data Protection Officer