DarkLight mode
News – 10.04.24
Form PF: Are you up to speed with the latest developments?
Through this insight we will bring to your attention the main changes in a bitesize manner so that you can stay abreast of the requirements as they may apply to your firm. … Read more
Insight – 16.04.24
US and UK tax on carried interest
Learn more about the opportunities to minimise double taxation for dual US/UK taxpayers … Read more
Upcoming event – 29.04.24
Governance code updates and advice for Further Education colleges from Buzzacott and the ESFA
Join Buzzacott and the ESFA for a governance update for further education colleges … Read more
Find us quickly
130 Wood Street, London, EC2V 6DL
enquiries@buzzacott.co.uk T +44 (0)20 7556 1200
When GDPR was first introduced, as a team we sensed there was a sense of panic faced by our clients around potential penalties. Some put in place tactical plans and implemented policies and procedures in a bit of a rush. Most of them would not have been fully compliant even after putting these in place, as we witnessed through audits, there was so much to do. Implementation of GDPR by itself is not enough, GDPR compliance is a continuous process; it needs to be audited frequently to understand what the organisation has achieved and where improvements still need to be made. Employers also need to embed GDPR into every employee’s (who deal with personal data) way of working.
Across Europe, nearly 60,000 breaches were reported during just the first eight months following implementation of the GDPR and the Information Commissioner’s Office released details of some enforcement action they have taken in relation to these breaches. These breaches include deliberate avoidance of data protection obligations, people not being aware of their responsibilities and simply not understanding the seriousness of a breach.
Employers need to ensure ongoing staff training is a priority to meet their data protection obligations. This not only applies to existing staff, but training needs to be delivered to new employees and those that have been promoted to ensure they understand the data protection implications of their new role, and how the employer uses data.
The introduction of GDPR saw an immediate rise in data subject access requests (DSARs), due to increased awareness and no charges. Only a third of organisations currently comply with requests and fulfil DSARs, within the legal timeframe of one calendar month from receipt of the request.
Subject access requests no longer need to be made in writing. Organisations should enable requests to be made via telephone, webform, social media or in person. Requests also do not even have to use the term - “Data subject access request”, the request just has to be clear that the individual is seeking their own personal data. It is therefore vital that employees who have customer or client contact know how to recognise a DSAR and how to action the request.
GDPR is a piece of very complex legislation and is an area that will continuously evolve, especially in this political climate. With this in mind, you should start thinking about whether your organisation is GDPR compliant?
HR advice for businesses
1
HR advice for charities
2
16 April 2024
The Good Work Plan: The largest upgrade in a generation to workplace rights
Get ready for April 2020, review your annual leave policy
Contact us
6
