Time for a healthy kick up the GDPRse!

As the UK opens up and the economy gathers speed, now is the perfect time to get your GDPR house in order

Now is the perfect time to get your GDPR-house in order. Why? Well, read on!


The UK’s opening back up

19 July 2021 is set to be the day almost all lockdown restrictions end in the UK. The pandemic is far from over, and things can change very quickly when the coronavirus is involved, but it certainly seems that the UK is raring to go!


The UK economy’s heating up

Even in April 2021, with the rapid vaccination programme underway, the IMF predicted that the UK economy would grow at 5.3% in 2021 and 5.1% in 2022 (faster than the USA and the EU). And in May 2021, the OECD predicted UK growth of 7.2% for 2021 and 5.5% for 2022.

These are just predictions but it’s clear that, as lockdown unwinds, so the economy is picking up, helped no doubt by a lot of pent-up demand.


Due diligence didn’t go away – it got harder

Whether it’s vendor due diligence, an internal audit or a board report, this increase in economic activity and the desire for organisations to regain as much lost ground as possible, means that your organisation is much more likely to be asked about your security and data protection compliance than before, for a number of good reasons.

For example, during lockdown, there were several earthquakes in GDPR-land:

  1. Brexit finally happened, meaning the UK is no longer even deemed to be in the EEA as a workaround on transfers under GDPR. And the awareness of the existence of 2 GDPRs (the UK GDPR and the EU GDPR) is higher.
  2. Schrems II happened, meaning the Privacy Shield (the adequacy decision that you used to rely on for transfers to US entities) was torn down. In its place came lots of uncertainty, anguish and passionate debate as well as the birth of Transfer Impact Assessments or TIAs.
  3. Cookies hit the news with immense fines on Google and Amazon and new guidance from CNIL and others.
  4. New EDPB Guidance came out on TIAs, which seemed to change significantly from consultation to final publication, on whether or not you can risk-assess transfers.
  5. GDPR turned 3! Ok, 3 years of it applying, 5 on the statute books, potato, potahto.
  6. New SCCs happened, meaning there are now much more flexible new Standard Contractual Clauses to use, allowing for transfers of all flavours (as opposed to the decade-old set which were only designed for controller to controller, and controller to processor).
  7. The UK got its adequacy decision! Meaning transfers could continue to take place from the EEA to the UK after 30 June 2021.
  8. High-profile ransomware attacks took down US infrastructure and infected organisations who used infected software. Do you have a good incident response and GDPR notification solution in place if it happened to your organisation?

So be prepared for more questions about your GDPR compliance from customers, partners, investors, auditors and the board.

Those old spreadsheets must be looking less-than-optimal about now.


WFH to Hybrid or Flexi-working

Everyone working from home created its own GDPR and Security concerns. which you can address with the steps in our Privacy Kitchen video on the topic.

While people will soon be able to return to the workplace, anecdotally, it seems many organisations will keep a flexible or halfway-house situation at least for the meantime.

This means the challenges of working from home – as noted by the FCA in its November 2020 warning to maintain data protection standards – will not go away. Indeed, a hybrid situation will bring its own concerns.


Your old Excel Sheets look unappealing…

No judgement, but you know a lot more now than when you created those first Excel spreadsheets to map out your data. Sure, it was a typical place to start, and there is always a time and a place for a spreadsheet, we love them!

But SaaS is eating software for obvious reasons and there’s a clear ROI:

  • easy collaboration
  • no version control issues
  • cloud-based system of record, easily accessed at any time from any place
  • security such as 2FA and SSO
  • tailored access for directors, team members, auditors and regulators
  • many more efficiencies saving you time, cost and stress, and
  • many more benefits such as awesome reporting, instant updates and email alerts.

And there’s a clear return on Privacy spend of up to – and beyond – 5 X ROI.


OK, so let’s do this!

All of this means it’s time to tame GDPR at your organisation, shove it into business as usual, and move into proper maintenance mode.

We can help! Our award-winning SaaS solution, coupled with our comprehensive Privacy Policy Pack, gets you up and running with a great GDPR answer super fast and makes updating and maintaining your compliance intuitive and super simple.

Don’t take our word for it, you can see our case studies and book a demo to see how we can take away your GDPR pain and make it work for you.


Related Articles

NHS Data Grab 2021
The Spice Girls & the 2021 ‘NHS Big Data Grab’ - UPDATED 220821

On 12 May 2021, the NHS announced the ‘General Practice Data for Planning and Research (GPDPR)’, daily collection of GP data to support vital health and care planning and research…

Read More
'I need the Article 30 Records please'

‘I need the Article 30 Records please’ If you believe some surveys, that request is a walk in the park for most organisations, given reported compliance with GDPR.  We don’t…

Read More