What Privacy & Compliance Challenges Do Companies Face With GDPR In 2021?

As a company, organization, or even website owner, have you considered the effect that GDPR regulations could have on your business now that the UK has left the EU?

By Iffy Kukkoo

26 Oct, 2022

The General Data Protection Regulation (GDPR) and the Data Protection Act of 2018 affect how you must obtain and store cookie consents from your visitors in both the UK and EU. They also affect the process and rules for storing a user’s personal data.

The United Kingdom left the EU on January 1st, 2021, leaving many organizations with one question in mind: “What will happen to privacy and compliance around GDPR?” An agreement was signed in December 2020, allowing the flow of data to continue until June 2021, which will be classed as a transition period before the new laws are implemented.

To comply with the new regulations and laws, the UK has already put in place a new data privacy law called “UK-GDPR,” which is identical to the previous EU version. The new law is also supported by the Data Protection Act of 2018.

Even before Brexit, any website, company, organization, or business was obligated to comply with GDPR. This entailed, for example, getting consent from users inside the UK or EU to process their data before allowing them to continue browsing the website.

 

What Is GDPR?

The General Data Protection Regulation is an EU law that took effect in May 2018. It brought together the 27 nations of the EU under one set of rules for how companies and organizations handle your personal data.

Personal data is classified as anything that can be directly linked to, or used to identify, a natural person. Details like your name, address, IP address and location are all things that identify you as a person.

GDPR also covers sensitive personal data, which is classified as religious beliefs, political opinions, and sexual orientation.

The law comprises eight rights for each individual who is an EU citizen. These include the right to access one’s own data and the right to request that personal data be deleted. The most important (and most common) rule is that no organization or company may capture your data without your consent.

Do you know that little box that pops up when you enter a website? It is there to comply with GDPR by asking for your consent to the cookies collected.


 

What Is Required From Websites When It Comes To GDPR?

There are strict, clear guidelines to ensure that each website complies with rules that have been put in place.

The GDPR law requires every website to do the following:

  1. Obtain clear and unambiguous consent from any user that enters the website.
  2. Have consent approved before any processing of personal data.
  3. Specify all types of cookies and tracking technology being used.
  4. Allow users to withhold their consent as a preference.
  5. Document every user’s consent.
  6. Renew its policies consistently, so that it keeps abiding by the laws and regulations.

What GDPR Laws Have Changed After Brexit?

Several laws have been put in place or have stayed in place to ensure that the protection of people’s data and consent is a priority.

The following data laws have been put in place after Brexit on January 1st, 2021.

  1. UK GDPR (United Kingdom General Data Protection Regulation)
  2. Data Protection Act of 2018
  3. PECR (Privacy and Electronic Communications Regulations of 2003)

The PECR regulation deals with personal data concerning electronic communications, cookies, and online marketing communications across all channels.

 

Updated Guidelines From ICO Around Cookies & Personal Data

The ICO (Information Commissioner’s Office) has updated its guidelines on cookies and the processing of that data so that they align with the consent standards of GDPR. The ICO has concluded that a valid form of consent must be given through user actions. For example, cookie banners are not allowed to have any pre-ticked checkboxes regarding consent to process personal data in any circumstance.

If you would like to read more about the updated ICO rules around cookies and data, please read their guidelines.

Users must now tick every single box; otherwise, a website will not be permitted to store and collect personal data.

 

How Do I Comply With GDPR Laws In The United Kingdom?

If you process the personal data of individuals in the UK in any way, you must abide by the laws and regulations set out in GDPR, the Data Protection Act of 2018, and the PECR.

You will first need to review your flow of personal data and establish whether any transfer of that data is taking place. With the transition period in place until June 2021, companies are still allowed to continue transferring data from the UK to the EEA.

As a company, you should review all your private information and documentation to identify any changes that need to be made at the end of the transition period.

 

DSARs Are On The Rise

There has been a massive increase in Data Subject Access Requests (DSARs) across all sectors. This is due to the Covid-19 pandemic, redundancies, and the furlough scheme put in place.

A study was recently conducted by eCase, who are in close proximity to Westminster. DPOs (Data Protection Officers) employed by government and public sectors have been overwhelmed by DSARs. Most now do not have the resources needed to deal with the rise in work.

Why is this a concern? In many cases, organizations small and large now have to record their processing activities and retention policies, which means going back years looking through documents. This is a massive concern for companies or organizations that have been operating for a long time.

The ICO has declared that a change in law will not occur, even with the havoc that the Coronavirus pandemic is causing.

Data Breaches Are Increasing

With the pandemic taking its toll on companies across the nation, many companies have seen an increase in data breaches.

Many people were forced to change their working practices and work from home, as offices, public sectors and hundreds and thousands of businesses have had to shut up shop for the time being. Employees have had to adapt to new technology, rigorous testing, and personal circumstances while working without the safety of the workplace.

Cybercriminals have found hundreds of ways into, and vulnerabilities in, companies' defences. As an organization, you need to be aware of your compliance obligations for your company's data. It is best to carry out a risk assessment to ensure that breaches and gaps are closed.

On average, it can take around 200 days to notice that a data breach has occurred. One could have already taken place, and you don’t even know it.

For updates on GDPR, compliance with privacy laws, and data regulations that have been put in place for the United Kingdom, follow our IT blog.

 

Posted By: Iffy Kukkoo
Resident Editor-In-Chief

Iffy is our exclusive resident technology newshound editor, relentlessly exploring the beauties of the world from a 4th dimensional viewpoint. When not crafting, editing or publishing our IT content, she spends most of her time helping people understand life and its basic principles. You know, the little things around you, that you've failed to grasp each day.
