183 million reasons to implement a Privacy Compliance Programme
Today the rubber hit the road, with British Airways being fined a record £183 million by the ICO for its failure to safeguard its customers’ personal data as required under the GDPR. For many companies trafficking in personal data, GDPR compliance has been undertaken with either a “let’s do the bare minimum” or a “let’s wait and see” approach. At the C‑suite level, compliance is, more often than not, still the last item on a busy meeting’s agenda. The “expert” forecast (dare we say myth) that a regulator would be unlikely to levy a fine in excess of £3 million for non-compliance with the GDPR, which allows for a fine of the larger of EUR 20 million or 4% of annual global turnover, has been debunked. The expectations around a company’s use and protection of its customers’ personal data are real, and privacy compliance needs to be a central tenet in the operations of all customer-facing businesses.
Do you have a clearly defined and credible privacy compliance programme? Does your risk register note your areas of privacy risk and remediation efforts? Privacy compliance is a journey, not a destination, and the regulator will in all cases expect to see proof of that journey. As the ICO has demonstrated in its handling of the BA breach, full cooperation will be helpful, as will the ability to demonstrate the steps taken towards compliance – BA could have been fined as much as £500 million based on its turnover. While organisations have done an excellent job of updating privacy policies and creating dedicated routes to administer subject access rights, they haven’t placed equal weight on the “behind the scenes” activities that are also required. While reflecting on today’s news, it is a good opportunity to revisit these “behind the scenes” activities and to consider commissioning a data audit and penetration testing of your online estate.
For a discussion on how our team can support your compliance efforts including defining your privacy compliance programme and conducting your data audits, you can contact us directly at chris@lexsolutions.com or manu@lexsolutions.com.
8 Jul