The new enforcement is now in place. Businesses and organisations impacted by GDPR have had two years to get your systems ready. However, it’s likely that many of you will not be entirely ready for GDPR.
Elizabeth Denham, the UK information Commissioner has stated she won’t be looking to make examples of companies by issuing large fines when they’re not deserved. The ICO largely takes a collaborative approach to enforcement. Denham has said her office will look to engage with companies rather than issue them with punishments straight away. Companies who have shown awareness and taken steps to comply with GDPR are likely to be treated better than those who haven’t done any work around it.
As employers you need to stay updated and understand GDPR ‘readiness’ is not a one-off event. No organisation can say it is ever fully GDPR compliant as:
•GDPR compliance requires that all policies, training and procedures are reviewed and updated on a regular basis.
•The ICO is continually updating its guidance and refining its approach. How the ICO will interpret the GDPR remains to be seen. You should try and stay up to date by checking the ICOs “What’s New” page.
•The European Data Protection Supervisor (previously the Article 29 Working Party) is also expected to issue new guidance and interpretation
For more information, contact our Employment Team.