It’s been just over a year since the arrival of the General Data Protection Regulation (GDPR), and some businesses that haven’t taken the necessary steps to comply are starting to feel the regulator’s sting.
In July, the Information Commissioner’s Office (ICO) announced its intention to fine British Airways £183.39m after a cyber attack exposed the data of almost half a million customers – the first penalty to be publicly announced under the legislation. The next day, the ICO announced its intention to levy a second fine of £99.2m against Marriott International after an attack on its systems exposed personal data held in 339 million guest records.
The ICO’s actions are a sharp reminder for Yorkshire’s firms of the potential costs that GDPR non-compliance can bring. Under the law, the ICO has the power to fine businesses as much as €20m or four per cent of their global turnover, whichever is greater.
With a regulator clearly ready to exercise its powers, Yorkshire’s businesses must ensure that they’re doing all they can to bring their operations up to speed, or risk the penalties.
However, from our own research we know that companies across the county have struggled to handle an upswing in GDPR personal data access requests from their customers and employees.
Under the GDPR, individuals have the right to file data access requests to receive a copy of personal data that organisations hold on them, along with information such as why their data is being used. In most cases, organi-sations must respond to a data access request within just one month.
Our research, conducted just after the GDPR’s first anniversary, found 57 per cent of Yorkshire firms have seen a rise in data access requests in the year after GDPR was introduced in May 2018.
But strikingly, 81 per cent of these had found effectively responding to data access requests challenging, citing complexity and a lack of time as their biggest hurdles.
Addressing this issue will likely be high on the agenda for many, and one way firms can support their efforts is by pursuing greater digitisation – ensuring that paper documentation containing personal data from employees and customers is digitally accessible.
Meanwhile, having the right technology in place – such as automated scanning and data capture systems – could help to free up valuable staff resources for other essential activities.
There are options available for those who want to benefit from digitisation without having to invest in their own systems. At Parseq, we digitise 25 million paper documents every year, providing our clients with solutions that use technologies like optical character recognition and Robotic Process Automation (RPA) to build secure, searchable online archives of their documentation.
With GDPR firmly bedded-in, Yorkshire’s firms can’t afford to be complacent in complying. Reducing a reliance on paper documentation through digitisation can help them more effectively respond to data access requests and reduce risk in an environment where the ICO has shown its teeth.