GDPR 1 year on – enforcement activity to ramp up When GDPR came into force last year, many people expected to wake up to find a Data Protection Commission inspector in their workplace on the morning of 26th May 2018. The reality is that regulators, employers, and data subjects have all taken the first year of the new data protection regime to familiarise themselves with their rights and obligations. What can employers learn from year 1 of GDPR? The European Commission issued a press release on GDPR’s first anniversary noting the “teeth” GDPR has armed regulators with and the increased awareness of data protection principles amongst EU citizens. The Commission also sent a clear message to member states to create a predictable data protection environment which avoids placing excessive burdens on the SME sector. So while year 1 post-GDPR was largely a ‘getting to know you’ process, employers can expect to receive more access requests from individual data subjects along with increased enforcement activity at both national and EU data protection watchdogs in the years ahead. Data Protection Commission annual report The Data Protection Commission (DPC) published its first annual report since the introduction of the General Data Protection Regulation (GDPR) covering the period between 25 May 2018 and 31 December 2018. The DPC reported a significant rise in the number of data subject complaints suggesting that individuals are much more aware of their data protection rights post GDPR. The figures also indicate that individual data subjects are more likely to report perceived misuses of data or failures to explain how their personal data is being handled. It is possible to infer that employees are therefore more informed on their data protection rights and more likely to query their employer’s data handling procedures in the wake of GDPR. The cost of cybercrime A separate report conducted by PwC revealed that Irish organisations lost up to €810,000 through cybercrime over the last two years. The number of Irish organisations that have reported a cybercrime incident has also risen from 44% in 2016 to 61% over the last two years. What does this all mean for employers? While many organisations put a lot of time, money and effort into their GDPR compliance efforts last year, the challenge for the SME sector is to continue to embed data protection principles into operations and processes on an ongoing basis. With the DPC announcing in recent weeks that it is beginning an inquiry into Google’s data protection compliance and statistics revealing that organisations are at increased risk of claims by data subjects, it is clear that employers need to continue to keep data protection near the top of their priority list. Need help with GDPR compliance? If you have any questions in relation to your GDPR compliance, please contact Peninsula’s expert employment law advisors on 1890 252 923. Or if you would like one of our advisors to call you back, fill in your details here.