This week’s announcement by the ICO of their intention to impose significant fines on British Airways and Marriott International – £183m and £99m respectively – for breaches of the General Data Protection Regulation (GDPR) should serve as a salutary reminder to all enterprises of the importance of having their data protection compliance practices and procedures up to scratch. GDPR was not about a single date back in 2018, but rather an obligation to continuously remain compliant. It’s not just about losing data as a result of malicious actions, but also the appropriate management of all personally identifiable information in the normal course of business – data relating to customers, employees, suppliers and other connected parties.
Failure to manage and protect such data can result in business-changing fines of up to 4% of annual turnover, with the ICO encouraging everyone – public and organisations alike – to report instances where poor practice or non-compliance with GDPR is evident.
A key step to GDPR compliance is in using appropriate tools to organise collaboration across an organisation in identifying, mapping and documenting how personally identifiable information is managed, and crucially regularly reviewing and auditing the processes behind these operations. The DPOware compliance-as-a-service platform simplifies the workflows and coordination across an enterprise, providing performance indicator dashboards to measure progress, accountability audit trails as well as frameworks for managing Subject Access Requests and incidences of data breaches.
There’s no guarantee that British Airways nor Marriott would have avoided the ICO fines had they deployed DPOware to manage their compliance initiatives, but we’re sure they would have been in a better position to have understood and reviewed how they were processing data and the security risks involved, and would have had a cross-organisation workflow for responding to the breaches as soon as they were identified. greyhairworks! customers who are using DPOware also note improvements in organisational structure and efficiencies as a result of working through the process of mapping their procedures and systems, ultimately reducing costs and resourcing requirements.