GDPR, one year on

22 May 2019


The General Data Protection Regulation was implemented throughout the EU by way of domestic legislation on 25th May last year. The Government and the Information Commissioners Office (ICO) have made it clear that the General Data Protection Regulation (GDPR), regardless of Brexit, will continue to apply, so there will be no substantive change to the rules that businesses need to follow.

As we edge closer to the one-year anniversary of GDPR, many businesses are still struggling to achieve compliance with the legislation.

Legislation compliance has proved to be a lot more challenging than some businesses firstly predicted. There is often a wide range of data covering a selection of different platforms, a rise in data subject access requests, and an increase in cybersecurity awareness.

Businesses that process personal data must not only comply with requirements of the legislation – they must also be able to demonstrate their compliance, which is an ongoing process. Businesses need to monitor and confront privacy and cybersecurity risks to ensure they are GDPR compliant, and don’t run the risk of receiving a large fine and tarnishing the reputation of the business.

Since GDPR was implemented last year, there have been almost 60,000 data breaches reported to the EU and ICO, yet fewer than 100 fines have been issued by regulators. The range of breaches reported stemmed from emails sent to the wrong address, to a lax approach to people’s data – which saw Google hit with a fine of £44m.

It is clear that people are more aware of their rights in relation to their personal data. Due to this, there has been an increase in data subject access requests. Although, 70% of UK organisations could not respond to the requests within the 1 month time limit allowed.

At the moment it seems that larger organisations have been hit hardest by the financial penalties, yet the level of potential fines for all non-compliance businesses is high, so businesses of all sizes should be diligent. If businesses fall foul of the legislation they could face crippling fines and significant damage to reputation.

GDPR should be seen as an opportunity rather than as a risk for a business. GDPR compliance means improved data quality, and improved data means more revenue.

Restoring existing data groups, and obeying consent doesn’t have to reduce sales. This is an opportunity to build on customer relationships, and implementing data effectively. The ability to comply with GDPR legislations, will improve security within a business, enhance the marketing strategy and the overall customer experience.

The Information Commissioner’s Office has produced a guide to help businesses find out what they need to do to comply with legislation:

St Helens Chamber Member’s have access to free legal advice through our ‘Chamber Protect’ services, delivered by Quest consulting. Chamber Members can access a free Legal Advice Line and have access to guidance notes and audit form templates online.

For more information about St Helens Chamber Membership or the Chamber Protect benefit please call 01744 742125 or email