GDPR - one year on

Just over a year ago GDPR was implemented. A much tougher law brought in to replace the Data Protection Act and offer more protection to consumers, the thought of GDPR and its much more stringent conditions struck fear into the heart of many small businesses. We thought it was time for a brief update on what is happening with GDPR one year on.

Unsurprisingly, the Information Commissioner’s Office (ICO) has not embarked on a spree to take down unwary small businesses failing to comply with the letter of the new law. The ICO has been in the news frequently over the past twelve months and has issued some enormous fines – but these cases are against large organisations such as Equifax and BT and were brought under the preceding data law.

Research suggests that across Europe GDPR-related fines have been issued only for very serious breaches such as organisations that have failed to keep customer details safe after a hack. Small businesses that are working hard to comply with the new law are almost certainly safe from any punitive action. The ICO recognises that GDPR compliance is a difficult process for many businesses and may take some time.

However, many businesses are neither compliant with GDPR nor even aware of their obligations under the law. If you think your business may not be GDPR compliant it’s not too late to do something about it! If you’re concerned we’ve put together a few helpful resources below.

More info: – one year on what fines have been issued?

GDPR one year on – IoD

GDPR guide for small businesses – ICO

Responding to data breaches – ICO

How to respond to a security breach – Computer World UK


Posted on Wednesday Jul 31