GDPR Turns Two

(25 May 2020)

Today marks the 2nd year anniversary of the General Data Protection Regulation (GDPR) coming into force. Its aim was to harmonise data protection law in Europe, to protect and empower all EU citizens data privacy, and to reshape the way organisations approach data privacy.

Since its commencement there has been a huge awareness of the importance of data protection among citizens and businesses. At a global level, GDPR acts as a reference point on privacy; at an EU level, it is now viewed as a fundamental right; while at a business level, it has shaped the way organisations globally deal with the personal data of EU citizens.

Whether they love it or hate it, the vast majority of businesses have embraced GDPR. After all, there are competitive advantages to be gained from demonstrating compliance as individuals support brands and employers they trust. Being responsible for a data breach could have quite the opposite effect.

Records Management Perspective

Prior to the commencement of GDPR and since then we as a records management provider have witnessed first-hand how businesses have adapted. On the document storage side, we have experienced a greater influx of new clients than previous years that have never used an offsite records management provider before GDPR. Most often top of the checklist for these clients was sourcing a secure location for records which hold personal and business critical data, evidenced by the number of site-visits we facilitated for new clients.

We have also seen numerous document storage clients audit their information to ensure they are only holding personal data they require and are authorised to hold. These audits have impacted our shredding service as there has been an increase in the certified shredding of records that are no longer required. This is in addition to the number of businesses availing of our shredding collection service whereby we service lockable shredding consoles in offices. Again, protecting personal and business-critical data throughout its lifecycle is to the forefront.

2020 and Beyond

This year saw the first GDPR fine issued by the Data Protection Commissioner (DPC) of Ireland to a government agency for €75,000. This related to three breaches of personal data, all of which that agency notified the DPC about. The fine serves as a warning to organisations, both public and private, that the DPC will exercise its enforcement powers where necessary to ensure compliance with data protection laws.

We are still however in the infancy stages of GDPR enforcement as national data protection authorities have not yet reached their full capacities. As they continue to ramp up their human, financial and technical resources we can expect them to increasingly utilise their enforcement powers.

Some businesses are still playing catch up, but they may have time as the DPC continues to develop. We are here to help you manage the personal information you control, whether that be by cataloguing or scanning records to help you understand the type of personal data you have; securely storing records in our ISO27001 compliant records management facility; or providing certified shredding.

For assistance please call 018227161 or email sales@grm.ie.

 

References

European Commission. (2020). Joint statement ahead of the 2nd year anniversary of the General Data Protection Regulation [online]. Available from: https://ec.europa.eu/commission/presscorner/detail/en/STATEMENT_20_913 [accessed 25 May 2020]

Lexology. (2020). Irish Data Protection Commission issues first GDPR fine [online]. Available from: https://www.lexology.com/library/detail.aspx?g=ec9bbaad-8b95-4f54-b966-3fc1a27742e9 [accessed 25 May 2020]

© 2020 Glenbeigh Records Management,, Disclaimer, Sitemap

Web Design by Webtrade.ie in Dublin