When GDPR came into force, many people expected to wake up to find a Data Protection Commission inspector in their workplace on the morning of May 26th, 2018.
The reality is that regulators, employers, and data subjects have all taken the first year of the new data protection regime to familiarise themselves with their rights and obligations.
What did employers learn from the first year of GDPR?
The European Commission issued a press release on GDPR’s first anniversary noting the “teeth” GDPR has armed regulators with and the increased awareness of data protection principles amongst EU citizens.
The Commission also sent a clear message to member states to create a predictable data protection environment which avoids placing excessive burdens on the SME sector.
So while year 1 post-GDPR was largely a ‘getting to know you’ process, employers can expect to receive more access requests from individual data subjects along with increased enforcement activity at both national and EU data protection watchdogs in the years ahead.
Data Protection Commission annual report
The Data Protection Commission (DPC) published its first annual report since the introduction of the General Data Protection Regulation (GDPR) covering the period between May 25th, 2018 and December 31st, 2018.
The DPC reported a significant rise in the number of data subject complaints suggesting that individuals are much more aware of their data protection rights post GDPR.
The figures also indicate that individual data subjects are more likely to report perceived misuses of data or failures to explain how their personal data is being handled.
It is possible to infer that employees are therefore more informed on their data protection rights and more likely to query their employer’s data handling procedures in the wake of GDPR.
The cost of cybercrime
A separate report conducted by PwC revealed that Irish organisations lost up to €810,000 through cybercrime over the last two years.
The number of Irish organisations that have reported a cybercrime incident has also risen from 44% in 2016 to 61% over the last two years.
What does this all mean for employers?
While many organisations put a lot of time, money, and effort into their GDPR compliance efforts, the challenge for the SME sector is to continue to embed data protection principles into operations and processes on an ongoing basis.
With the DPC announcing in recent weeks that it's beginning an inquiry into Google’s data protection compliance and statistics revealing that organisations are at increased risk of claims by data subjects, it's clear that employers need to continue to keep data protection near the top of their priority list.
Need our help on GDPR compliance?
For advice on GDPR compliance from an expert, our advisors are ready to take your call any time day or night on 0818 923 923.