In the build up to the introduction of GDPR in May, businesses were urged to ensure that their systems were in place to comply with the new regulations. Whist larger organisations undoubtedly had teams of experts implementing these changes, many smaller businesses struggled to determine exactly what was required and either ignored the topic altogether or at best 'copied and pasted' some privacy notices hoping this would be sufficient to be seen as satisfying what many perceived to be simply a paper pushing exercise.
However figures produced by commercial law firm, EMW show that complaints to the Information Commissioners Office have more than doubled since the stricter regulations came into force. The ICO received more than 6,281 complaints between 25 May and 3 July this year, a 160% rise on the same period in 2017. Greater media attention and government advertising have boosted individuals' awareness of their rights and there is now a more public focus on the accountability of business in this area. The regulations have also made it easier for people to access data that companies hold about them, leading to an increased volume of requests.
Penalties for failing to comply with GDPR are severe; up to £16.5m or 4% of their worldwide turnover. The majority of complaints were made against companies holding sensitive information such as financial services, education and health, but it behoves every business in whatever field, to have another look at their policies with the cognisance that far from being a mere paper exercise, GDPR is very much a reality.