183 million reasons to implement a Privacy Compliance Programme
Today the rubber hit the road: the ICO announced a record £183 million fine against British Airways for failing to safeguard its customers’ personal data as the GDPR requires. Many companies that handle personal data have approached GDPR compliance with either a “let’s do the bare minimum” or a “let’s wait and see” attitude, and at C‑suite level compliance is still, more often than not, the last item on a busy meeting’s agenda. The “expert” forecast (dare we say myth) that a regulator would be unlikely to levy a fine above £3 million for non-compliance has now been debunked; the GDPR allows a fine of up to the greater of EUR 20 million or 4% of annual global turnover. The expectations around how a company uses and protects its customers’ personal data are real, and privacy compliance needs to be a central tenet of the operations of every customer-facing business.
Do you have a clearly defined and credible privacy compliance programme? Does your risk register record your areas of privacy risk and the remediation work under way? Privacy compliance is a journey, not a destination, and the regulator will in every case expect to see evidence of that journey. As the handling of the BA breach shows, full cooperation helps, as does the ability to demonstrate the steps already taken towards compliance: on its turnover, BA could have been fined as much as £500 million. Organisations have done an excellent job of updating privacy policies and creating dedicated routes for handling data subject access requests, but they have not placed equal weight on the “behind the scenes” activities that are also required. Today’s news is a good opportunity to revisit those activities and to consider commissioning a data audit and penetration testing of your online estate.
For a discussion of how our team can support your compliance efforts, including defining your privacy compliance programme and conducting your data audits, contact us directly at chris@lexsolutions.com or manu@lexsolutions.com.
8 Jul