It is just over a year since the General Data Protection Regulations (GDPR) came into effect.
Organisations all over the country spent considerable time and energy working out what steps would be required to make themselves ready for compliance with the new General Data Protection Regulations..
One of the major incentives to get it right was the significant increase in potential fines, up to a maximum of 4% of turnover, or €20 million (whichever is the higher). There have been some pretty eye watering sums announced such as the €50 million fine given to Google by the French supervisory authority for various breaches of its GDPR privacy obligations.
Organisations should have by now carried out a full assessment of their data processing activities and any risks that may exist regarding the collection, storage and processing of personal data.
I believe the level of scrutiny of organisations to ensure their compliance with GDPR will increase. The privacy and security of data becomes ever more important in this technological world and effective measures to protect individuals, without stifling the efficient running of an organisation, will become critical as time progresses.