Last week marked the six-month anniversary of the implementation of the General Data Protection Regulations, but despite the regulations being in force for half a year, experts have warned that some businesses still have work to do before they're compliant with the rules.
The new regulations drew much attention for the heavy potential fines they introduced - up to 4% of a company's annual turnover or €20 million, whichever is higher - and left companies scrambling to implement new policies and procedures in order to bring their business in line with the updated laws.
Businesses have now had six months to meet the new standards, but in spite of this, industry experts have stated that many businesses still aren't prepared to cope with GDPR.
"Today, there is still a strong chance that a number of organisations could be struggling with issues around data sprawl, the volume of personal customer information and uncertainty around data ownership," said Citrix's chief security architect Chris Mayers, "as our research from around a year ago suggested."
"The poll also found the average large UK business was reliant on 24 systems to manage and store personal data, with one in five (21%) using over 40 systems to do so. Tackling such data sprawl wasn't easy then and won't be now if still the case."
Although the Information Commissioner Office has thus far failed to issue one of the dreaded maximum fines, some organisations have already been penalised under the new rules, including Brexit data analysis firm AggregateIQ and a Portuguese hospital.
AggregateIQ is a small Canadian data firm, which has been linked to data firm Cambridge Analytica (CA), was the target of the first GDPR fine in September 2018. AggregateIQ had 30 days to "audit, assess, implement and document" its data processing practises or face the maximum fine of £17 million or 4% of its annual global turnover.
The Portuguese Data Protection Authority (CNPD) imposed the Barreiro Hospital with two separate penalties after the data watchdog inspected the hospital in early July, with a €300,000 fine applied for failing to respect patient confidentiality, and limiting inappropriate access to patient data. The second fine of €100,000 was imposed for the hospital's inability to ensure the integrity of data security in their system. The hospital is appealing the fine and may even launch a judicial challenge, according to Portuguese publication Publico.
Public awareness of an organisation's responsibilities around data protection has never been higher - with breach complaints to the Information Commissioner's Office on the increase. Reputations and revenues are on the line, and KYCBench is one of the leading companies which have a long-term GDPR compliance strategy is in place.
KYCbench was created to ensure that our customers can appropriately process their data and documents in a safe secure and private way and they know that their information is secured up to the maximum required industry standard -ISO27001 and GDPR.
KYCbench, your reliable KYC partner
GDPR & ISO/IEC 27001:2013 compliant
Please contact KYCbench today, the most reliable ID verification processor at: email@example.com
Join our Telegram Groups: