In a speech on the May 2018 framework, Information Commissioner Elizabeth Denham revealed that her office was now receiving 1,500 calls a week, solely about GDPR.
Almost as many SMEs have not even started their GDPR training or work, a FSB poll also shows, seeming to explain why GDPR consultants were last week said to be in “hot supply.”
“We’ve of course recognised that organisations with 250 staff or less face particular problems in understanding their obligations under the new law,” Denham said in her speech last week.
“We will continue to help. We will soon publish an overview – a roadmap — of the Data Protection Bill in response to feedback that it was complex and confusing.”
Already published is an ICO guide to a new data protection fee structure which ‘data controllers’ (outfits that decide the purpose for which people’s data is processed), must pay.
The fee is set to replace the requirement to ‘notify’ (or register), which is in the Data Protection Act, with “monetary penalties” potentially hitting non-payers and is to be paid from May 25th.
Denham warned that “hefty fines will be reserved for those who wilfully or persistently flout the law.”
However EfficientIP believes it’s all too late. It says that as it typically takes 99 days to detect a data breach, February 15th was actually the last day companies had to ensure real-world compliance with GDPR.
The networking firm explained: “Most companies breached after February 15th 2018 will only discover the attack after GDPR is in force, and will only have 72 hours to publicly disclose the breach.
“Companies could be put in a situation that would result in irreparable and lasting brand damage, loss of customer trust and loss of competitive advantage to name a few, if they are unprepared.”
Recruiters love this COMPLETE set of Accredited Recruitment & HR Training – View Training Brochure