GDPR enforcement, the new 20mph speed limit?

Discussion in 'General Data Protection Regulation (GDPR) Forum' started by Scott@KarmaContent, Mar 1, 2018.

  1. Scott@KarmaContent

    Scott@KarmaContent UKBF Enthusiast Full Member

    742 319
    Whilst broadly welcoming the introduction of GDPR, I can't help wondering how it's actually going to be enforced.

    I imagine there is going to be an ongoing flood of complaints about companies; I just can't see the ICO having the resources to investigate every complaint they receive.

    Does this then leave it the data protection equivalent of the residential 20mph speed limit zones?
    Nice idea, but ultimately unenforceable most of the time?
    Posted: Mar 1, 2018 By: Scott@KarmaContent Member since: Jun 24, 2014
  2. ffox

    ffox UKBF Regular Free Member

    1,179 207
    Ahh. The $64,000 question.

    I'm heartened to see that there is, what appears to be, an increased awareness of GDPR on this and other forums, but who will do the enforcement and how stringent will enforcement be are very important questions.

    This was published last October -

    The most telling statistic is that the UK Information Commissioner’s Office intends to increase staff by 200 over the next three years. That will result in a grand total of 700 bums on seats by 2020 to deal with all the flak.

    Enough? Hmmm.
    Posted: Mar 1, 2018 By: ffox Member since: Mar 11, 2004
  3. fisicx

    fisicx It's Major Clanger! Staff Member

    29,825 8,775
    I suspect there will be some big and well publicised cases to act as an example to others. A bit like the cold calling cases that were in the news over the last couple of years.
    Posted: Mar 1, 2018 By: fisicx Member since: Sep 12, 2006
  4. alex360

    alex360 UKBF Regular Free Member

    110 11
    The problem is this regulation doesn’t stop businesses from outside the EU bombarding you with unsolicited emails, which are the most unwanted. Some people create rules that affect us doing business. I remember many years ago landing a massive contract with a business because I was able to contact them freely; the more barriers they put up, the more difficult it will be for small businesses to operate. As I said, 9 times out of 10 the emails we don’t want come from outside the EU, so it will hardly make any difference.
    Posted: Mar 2, 2018 By: alex360 Member since: Nov 14, 2017
  5. ffox

    ffox UKBF Regular Free Member

    1,179 207
    This is quite true. However, while GDPR and PECR will have an effect on the volume of spam mail, the main object of the regulations is to cause western business to regulate and control the personal data held. Personal data is 'owned' by the subject and the regulations attempt to ensure that the subject keeps control over how it is used.

    The only way to end spam entirely is for users to stop opening unsolicited mail. This is possible; I have worked on many corporate systems where filtering and quarantine reduce it to very low levels and all links in external mail are stripped out. On non-corporate systems it is simply a matter of deletion, unread, of any mail from unknown senders.
    Posted: Mar 2, 2018 By: ffox Member since: Mar 11, 2004
  6. Mr D

    Mr D UKBF Legend Free Member

    12,517 1,330
    And some of the worst offenders for spam, the ultimate client is a charity.
    I have signed up to a few newsletters, don't always read them but am happy to get them. What has happened over the past few years is dozens of companies doing work for charity clients have been bombarding spam all over the place, demands for money etc.
    Not necessarily the charity itself doing the work but them instructing someone else to do so.
    Posted: Mar 2, 2018 By: Mr D Member since: Feb 12, 2017
  7. Keith Budden

    Keith Budden UKBF Contributor Full Member

    77 10
    Enforcement is the major unknown as things stand at the moment. Certainly the early noises coming from the ICO are that it is inclined (at least initially) to 'educate' rather than 'punish'. I think in reality, in the early days it will be luck of the draw whether an individual complaint gets seriously investigated or not. As time moves on I suspect, rather like current HMRC investigations, while most will be focused on those companies/organisations where a number of complaints have been received from data subjects, there will remain a 'random inspection' element to keep everyone on their toes.

    While I for one am 99% confident that a substantial number of businesses and other organisations will not be 100% GDPR compliant on 25th May (and to be fair I don't think the ICO is expecting them to be either), clearly if you are investigated by the ICO, proving that you are at least aware of GDPR (which you obviously are if you've read this far!) and have taken/are taking reasonable steps to be compliant (like having some GDPR training (ahem!)) ICO are going to look much more favourably on you than if your immediate response is "GDPR, never heard of it guvnor".

    My mantra to all my clients though is don't get overstressed about the financial penalties for GDPR non-compliance, worry more about the damage to your business reputation.
    Posted: Mar 30, 2018 By: Keith Budden Member since: Mar 30, 2018