Five reasons to review your GDPR compliance right now

time to review your GDPR compliance

Share This Post

The Accountability principle

When the General Data Protection Regulation (GDPR) came into force in May 2018 it introduced a new data protection principle: Accountability. This new principle requires organisations to be able to demonstrate their compliance and introduced a number of new obligations from carrying out DPIA, reporting breaches to documenting your data processing activities (so you have that to hand if the ICO should ask).

But, that’s not all. Article 24 of the GDPR, when talking about a Data Controller’s GDPR obligation says Controllers need to “implement appropriate technical and organisational measures” to ensure and demonstrate compliance and that “those measures shall be reviewed and updated where necessary”.

What this means in practice will depend on your organisation. Arguably you should be ensuring GDPR compliance on a daily basis, but for most organisations at the very least GDPR compliance should be kept under review at “appropriate intervals” (according to the ICO).

So, this means that you should be on a regular basis (probably annually) make sure your processes are up to date and reflect your current data processing activities.

In todays “new normal” this is more important than ever! So, here are three reasons why you should be considering reviewing your GDPR compliance right now – if one or more of these applies, you really should be meeting your Article 24 obligations:

Five reasons

1. It’s two years since GDPR came into force

Believe it or not GDPR came into law over two years ago (on the 25th May 2018 to be precise). If you’ve not looked at your GDPR since, or at least not considered whether it needs updating, then you really out to check you’re still compliant.

2. Has your business changed?

If in the last two years your business has changed or since you last checked your GDPR compliance, you business has changed, you should be reviewing your GDPR compliance. Right now, this could be because:

  • Coronavirus has meant you’ve changed the products or services you provide
  • Coronavirus or otherwise, you’re doing things differently now (introduced new systems, new processors, etc.)
  • You’ve taken on more staff (remember there are some Accountability principle obligations that change if you have over 250 employees)
  • You’ve had to let staff go – so is GDPR compliance still being taken care of?

3. The “new normal”

Coronavirus has certainly served us a curve ball. We’ve had to think on our feet in terms of what we offer and how we work. There’s a number of things you may have changed recently thanks to COVID-19 that require you to look again at your GDPR compliance:

  • Your employees are working from home either on a more permanent basis, or you’re more flexible for home working – have you made sure this is GDPR compliant?
  • You’re using video conferencing (e.g. Zoom) more often rather than meeting people in the flesh
  • Employees are returning to work and you may be having to deal with temperature checks or the NHS Test & Trace programme if someone isolates having tested positive

I think the key thing here is that in the recent past, whilst we’ve been in lockdown, there’s been an element of us doing our best in the circumstances and that may be a good excuse if things aren’t quite right, but as our new ways of working become more normal, there is likely to be less acknowledgement or excuse for doing your best, and more focus on this being the new normal and you now need to make sure you’re getting it right – excuses won’t do for much longer

4. Brexit-proper is coming

From 1st January 2021 the Brexit transition period will have ended and the UK will have properly left the EU. From a GDPR perspective there are some challenges, particularly if you target EU citizens and/or process EU citizen data on behalf of EU organisations. Furthermore, there are implications around the GDPR “one stop shop” for enforcement, EU and UK representatives and questions about whether the EU will grant the UK GDPR as being adequate. You need to prepare now for what this might mean for your organisation come 31st December 2020

5. Elements of the law change

Whilst it can be argued, particularly in the UK that very little enforcement action has been taken under GDPR (there has only been one GDPR enforcement so far) the recent ICO annual report indicates they’re not sitting idle and keeping busy. But that’s not all:

  • Guidance and interpretation changes from time to time
  • The ICO sometimes produces more detailed guidance, or codes of practice (e.g. on marketing, on services aimed at children, etc.) that might apply to you
  • A recent legal case has meant there are now questions about using US data processors

If you’re not up to date on any new developments or changes and haven’t updated your internal processes, staff, etc. then your GDPR compliance may well be out of date

We’re here to help

Get a 3 month “review and do”

If you’re GDPR compliance needs a refresh or a review, sign up for our “review and do” service – this is a 3 month subscription to our GDPR UNLIMITED helpline where we use the “hands-on” hours (4 per month) to carry out a review, report on our findings and help you implement the recommended actions. Not only is this a cost effective way to review your GDPR compliance but it helps you spread the cost as well and you get access to our online resources and unlimited email/phone support (although we can of course carry out a standalone review and report as well). If this is of interest, you can sign up for the 3-month “review and do” here, or find out more about our services here or just set up a call for us to have a chat about your GDPR compliance and how we can help

Get up to speed and learn the GDPR detail

If you’re looking to get back up to speed with what GDPR compliance is all about, we’re re-running our 10 week GDPR Weekly Workout. Starting on the 7th August with a free GDPR refresh session, we will look, week by week at the various elements of GDPR in detail. You can find out more about our GDPR Weekly Workout here and sign-up for all 10 sessions, for a discount (and spread the cost), here.

Free webinars

We’ve also always running a number of free webinars, like the ones we’re running on the changes to Privacy Shield, preparing for a no-deal GDPR Brexit and the “new normal” 

Let’s chat

Or just simply get in touch with us, for a chat.

More To Explore

Eat. Sleep. GDPR. Repeat.

We live and breathe GDPR and ePrivacy compliance, so you don’t have too. Our GDPR UNLIMITED helpline is all about offering you help and support, whenever you need it most. As well as the unlimited helpline, you get up to 4 hours “hands-on” help each month, which we can configure to help you in anyway you need such as a GDPR review, or acting as your DPO.

As well as the unlimited helpline and hands-on help you get GDPR and privacy updates, access to our GDPR knowledge centre and webinars.

Unlimited email & phone support

Unlimited email and phone support. Email or organise a voice call as often as you need each month.​

Up to 4 hours "hands-on" help per month

We use these "hands-on" hours to do the GDPR work for you, such as reviews, acting as your DPO, checking DPIA, dealing with breaches, training your staff, etc. (Additional hours: £100+VAT per hour)

Online resources

Our Knowledge Centre gives you access to information, guidance, topic related guides and other tools to support your GDPR and PECR compliance

Updates, alerts & briefings

We provide updates and alerts and a monthly compliance briefing. You can either sign into the Knowledge Centre or sign up via email to receive an email every time we add a new update or alert

DPO services

Whether mandated or not we can act as your Data Protection Officer (DPO) and manage your day to day compliance

Webinars, workshops & training

Whether updates on the latest issue, workshops or team training, it's all included in your monthly retainer.

LIKE WHAT YOU'RE READING? join our email list

Sign up for monthly briefings and the occasional emails about our webinars and services

Want to know more about how we use your data? Check out our privacy policy