One year on from the introduction of the General Data Protection Regulation (GDPR), the UK’s Information Commissioner believes there is still more to do to build the public’s trust and to operationalise and normalise the new regime.
The Information Commissioner’s Office (ICO) has published a document on its reflections and learnings from the twelve months since GDPR was introduced.
Elizabeth Denham, Information Commissioner, wrote in a blog that people have woken up to the new rights GDPR delivers, with increased protection for the public and increased obligations for organisations. However, there is still much to do to build trust and confidence.
“With the initial hard work of preparing for and implementing the GDPR behind us, there are ongoing challenges of operationalising and normalising the new regime. This is true for businesses and organisations of all sizes,” she said.
Looking ahead, she explained that the ICO’s work will focus on helping UK business to deliver what is needed and to ensure that Data Protection Officers (DPOs) are embedded and supported in their respective organisations by senior management.
“The focus for the second year of the GDPR must be beyond baseline compliance – organisations need to shift their focus to accountability with a real evidenced understanding of the risks to individuals in the way they process data and how those risks should be mitigated. Well-supported and resourced DPOs are central to effective accountability,” said Denham.
She added that the ICO is committed to supporting DPOs and organisations, but that responsibility for compliance lies with organisations.
“For those who do not take this responsibility seriously or those who break the law, we will act swiftly and effectively,” said Denham.