Six months on, nearly half of businesses (41%) are MORE worried about GDPR

Published Wednesday, November 21, 2018 7:45 AM by Dean McGlone, V1

From uncertainty around consent to confusion around how to stay compliant, the announcement of the General Data Protection Regulation (GDPR), Europe's new framework for data protection laws, unnerved many. Still, at least there was a two-year preparation period before it came into force on 25th May this year, right?   Businesses and public bodies covered by the regulation had plenty of time to prepare for the changes, didn’t they? Unfortunately it appears not.

Six months on, rather than feeling confident in the measures they’ve put in place, the results of our latest customer survey shows that 41 per cent of British businesses say they are actually more worried. Now the deadline is passed, it seems many are waking up to the realisation that rather than a one-off campaign, GDPR is an ongoing reality – the effective management of the exploding number of data and documents that we all hold has risen to one of the top issues facing organisations.

One of the biggest, and most talked about elements of the GDPR has been the ability for regulators to fine businesses that don't comply with it. Offences with more serious consequences can have fines of up to €20 million or four per cent of a firm's global turnover (whichever is greater); a daunting prospect, particularly as Facebook and British Airways have already come under scrutiny from regulators. As if that wasn’t enough, the upcoming ePrivacy Directive, designed to protect the personal data in electronic communications, is set to further increase the pressure. Almost half (43 per cent) of our respondents admitted they don’t know what it requires. Designed to be complementary to the GDPR, it actually covers entirely new ground and because the Directive is still in the implementation stage, it is difficult to say with certainty what its complete scope will be.

Clearly, the protection of data is a key priority for regulators right now. The enhanced availability of data in this increasingly digital world explains why this is the case, but understanding why doesn’t make compliance easy to achieve. For most businesses, preparing for GDPR has already been a time-consuming, costly and resource-heavy process. Given the effort involved in this initial push, maintaining this pace to keep up with the now-necessary compliance could leave organisations struggling, particularly with the addition of the ePrivacy Directive. However, regular training updates will ensure employees recognise the need for data protection as a necessity. Encouragingly, 41 per cent of respondents said they had implemented new working practices to staff since the GDPR came into force, and 65 per cent had put new policies and procedures into place. It is without doubt vital for companies to find a way to make compliance sustainable – raising awareness with teams and up-skilling staff is a key route for this.

One way of doing this is to use process automation software such as an automated Document Management System (DMS). Storing, managing and tracking electronic documents and electronic images of paper-based information in one place and in real-time, supports compliance requirements by providing traceability on all documents. This can not only greatly simplify data processes, save huge amounts of time and remove the element of human error, but make it possible to implement standard workflows for processes. Standardising workflows greatly simplifies the handling of errors and privacy issues. They can be automatically flagged, managed and rectified. This is vital as organisations only have 72-hours to gather all relevant information and report the incident to the regulator once they have become aware of a data breach. Automation can quickly locate impacted data and affected groups of people and help avoid subsequent fines. It will also prove more cost-effective and can make production of the reports and audit logs needed to prove compliance routine.

GDPR may still be in its infancy in terms of coming into force, but one of the biggest mistakes an organisation can make is to regard it as a one-off process. The need for compliance is not going to go away, and as a business’s data continues to grow and become more complex, it’s crucial that businesses assess their current procedures to ensure they can continue to meet new requirements – or face the fines later.