An interesting article by Georgina Graham of Osborne Clarke looking at the first year of life under GDPR and what to expect in the next twelve months.
It goes without saying that GDPR has led to many more reports of data breaches in the UK - as pre-GDPR reporting was only mandatory in certain industries, however, as noted in the article, overt enforcement, save for one or two very notable exceptions, has been lacking. The key word here is overt and I am sure much is going on behind the scenes which will reveal itself over the next 12-18 months as actions unwind and become public.
Beyond the direct and overt regulatory action, as well as that to come, there are also two other notable trends that have impacted or will impact business identified in the article: class-action style litigation and data subject requests - both of which can impact businesses in different ways.
Businesses need to continue to take GDPR seriously, monitor how it develops and stay on the front foot. As noted in the article, now is a good time to carry out a compliance audit as well as continue to focus on five key areas: policies and procedures; third party relationships; privacy impact assessments; training; and breach response.
It is safe to say that 2018 was a busy year in the world of data protection and privacy, but it shows no signs of slowing down into 2019 and beyond. DPA enforcement has not quickly produced prohibitive fines (as had been widely expected). Enforcement activities have slowly unfolded, and take some time. We expect to see much more, and more high-profile, results of these activities in the near future.
