ICO: Businesses Getting Affected For Unfulfilling GDPR Accountability

Businesses are not complying with the General Data Protection Rules. The UK’s information commissioner on 08 April 2019, enunciated that companies have failed to fulfill their responsibilities regarding GDPR.

Accountability for GDPR

On Monday’s conference, Elizabeth Denham shed light on the Data Protection Practitioners. She articulated that, “Accountability encapsulates everything the GDPR is about. It enshrines in law an onus on companies to understand the risks that they create for others with their data processing, and to mitigate those risks”.

She kept on stating that, compliance with GDPR formalises one’s profession away from box-ticking. It enables us to see data protection as the business fabric of an organisation. It reflects the increasing demand of people, about how a company processes their data. However, companies do not seem to practice it yet. Moreover, she shared that the data breach report by ICO demonstrated poor practices regarding GDPR. They found it out through investigation and the audits, but the problem stands still. They must consider that accountability is a legal requirement, it should not use as an optional.

Laura Gillespie of Pinsent Masons, who is also a Data Protection Law expert, elaborated about the way the requirement of GDPR accountability has been embedded in the GDPR & DPIA. Besides this, “Accountability represents a fundamental shift from the UK’s previous Data Protection Act of 1998, in that data controllers not only need to comply with the principles of data protection law but demonstrate how that is being achieved,” he said.

Comply with GDPR to reduce hassle

Elizabeth Denham sustained the flow and professed that “In practice, this means that organisations need to ensure that they not only have appropriate policies and procedures in place but that they can demonstrate through risk assessment, audit and review that the processes being adopted meet the standards of the GDPR and the UK’s new Data Protection Act of 2018. Essentially, the culture of compliance should be within the DNA of the business. There is an inherent danger in businesses taking a formulaic or generic approach to their GDPR obligations.”

Denham aware of the conference delegates, the chances companies have of using the GDPR’s accountability requirements to alter the “cultural fabric”. She said the next phase of GDPR necessitates a refocus on comprehensive data protection in all business processes. Henceforth, a discussion on the GDPR accountability approach took place at the conference. She winded up the conference by indicating, “An accountability approach gives those of you who have the skillset, who have the passion, a chance to see a changing world as an opportunity to have a real and lasting impact.”