Ahead of the GDPR anniversary, IT Governance gathered expert insight into the state of compliance amongst UK organizations. IT Governance trained 8,419 professionals on the GDPR, so our consultants have a wealth of experience ‘from the trenches’.
Stuart Skelly – Senior Data Protection, Privacy and GDPR Consultant
“There’s an entrenched mindset amongst many UK businesses that the personal data they have invested time and money in harvesting is ‘their property’ with which they can do with as they please. This mentality of course flies in in the face of the GDPR but is proving difficult to shift.”
Nicky Whiting - Sector Consultancy Manager
“As media coverage has waned, organisations have taken their eye off the ball. Since there has been little news about fines, many have concluded that the ICO won’t be taking enforcement action.”
Helen Pettit – Incident, Breach Management and Data Subject Rights Consultant
“I think companies are waiting for the first GDPR fine to be issued in the UK, and then there will be a sharp intake of breath if it is substantial.”
“There is still confusion about what constitutes a breach, whether it is recordable or reportable, and panic about how to deal with it”.
Ryan Mackie - DPO, Data Protection/ Privacy and Cyber Security Lawyer
“Financial services are (in my experience) by far the most mature of the sectors when it comes to GDPR compliance, whereas the retail sector appears to be the least mature.”
“If anything, I believe there's an element of 'over reporting' because organisations still don't understand what constitutes a reportable breach under GDPR.”
Preston Bukaty – GDPR Consultant
“Most organisations really don't want to use your data in creepy ways - they want to enhance your life, and their product or service leverages certain information to do so. Once companies can explain that transparently to users, I think the more we'll see renewed trust in information services and technology offerings in our fast-evolving world.”
“Data breaches are hard to hide. There's less regulatory risk in admitting a mistake than there is in hiding the mistake and being found to have lied about it later.”
About IT Governance Ltd
IT Governance is a leading global provider of cyber risk and privacy management solutions, with a special focus on cyber resilience, data protection, PCI DSS, ISO 27001 and cyber security. For more information, visit https://www.itgovernance.co.uk