Data specialists claim that the last 12 months of GDPR have made businesses increasingly “data focussed”, but that organisations are still making mistakes.
Speaking at a GDPR event hosted by cloud hosting firm UKFast, Susan Hill, Intellectual Property Solicitor at Clarke Willmott, said: “Businesses are placing more importance on the work of their data managers. The introduction of GDPR has been a really effective consciousness-raising exercise.”
Alison Loveday, Partner at Kennedys Law Firm, agreed that the implementation of the GDPR has delivered positive effects, but that “businesses commonly underestimate the impact of a data breach.”
The comments came in the week of the anniversary of GDPR coming into force. The EU regulation has seen just 30% of businesses make changes to cybersecurity policies or processes.
Loveday continued: “A lot of people thought they’d ticked the boxes correctly this time last year when actually they hadn’t, but they’re not aware that they’re making mistakes. Part of the gradual embedding of how the GDPR works is being more mindful about the amount and type of data you process.”
Mark Blackhurst, Co-Founder of digital marketing company Digital Next encouraged businesses to dedicate 5% of their time to the GDPR, urging managers to educate their companies, read official publications, and take advice from specialists.
“Take a step back and make sure it’s part of your business’ agenda, so it’s literally a day-in-day-out thing,” he suggested.
Loveday concurred that businesses misjudge the cost of a breach to the regulation, advising businesses acknowledge that the repercussions of a breach can go beyond fines.
“By the time you include the damage to your reputation, following up and offering support to customers, bringing in consultants to review your policies and procedures, it becomes very expensive – even before the fine.”
Yasmin Hinds, Data Risk, Assurance and Remediation Consultant at Sopra Steria, emphasised the positive effects of the GDPR in mainstream data usage: “Along with raising public awareness of breaches, I’ve seen the growth in awareness of the GDPR in social media, and an importance placed upon the ethical side of the messaging, images and data we receive.”
Loveday concluded, however: “Businesses don’t know what they don’t know about GDPR. I think people are getting there, but it would be wrong to assume that they’ve cracked it already, just one year on.”
Pictured: Clockwise from top left: Arlene Bulfin, Yasmin Hinds, Mark Blackhurst, Alison Loveday