17 July 2018

When businesses were alerted earlier this year that 25 May 2018 would mark the introduction of a radically new data protection regime, there was a degree of panic as they began to realise what was required of them under the new rules.

According to a survey carried out by ICSA, the professional body for governance, actually complying proved even more difficult than many had imagined.

Almost four-fifths (78%) of organisations surveyed found becoming compliant with the EU’s General Data Protection Regulation (GDPR) to be “a heavy burden” on their resources while just 13% felt that they had managed relatively easily.

According to ICSA, many organisations had to hire additional staff or employ external consultants or solicitors due to internal resource issues.

These resource issues, and outstanding problems with third party contractors, contributed to the delay in hitting full compliance - resulting in only 50% of organisations being totally ready for GDPR by the May deadline.

Policy and Research Director at ICSA, Peter Swabey, said: “Achieving full compliance has been extremely time-consuming for many organisations and there is some concern that ongoing compliance will continue to be burdensome.”

Many of the areas that were named as being problematic – coordination between jurisdictions; group-wide solutions; third-party engagement; and staff training – will, he pointed out, continue to be of importance and will require organisations to review processes and procedures on a continuing basis.

“It is important for organisations to keep in mind that 25 May was just the start,” Mr Swabey warned.

With this point in mind, Croner-i has a useful “GDPR Toolkit for HR managers” at https://bit.ly/2Lf57ZO.