Although the deadline for GDPR has come and gone and the furore has died down, companies must ensure their DPO and legal teams stay on top of the requirements or risk the consequences.
The deadline for companies to comply with GDPR – 24 May 2018 – has come and gone. Despite the panic that most companies felt in the run-up to the regulation, there have (so far) been no high-profile casualties.
While we don't know what the ICO has up its sleeve, it's safe to say that the smooth passing of the due date is in no small part down to the hard work and expertise of the legal teams who helped whittle their companies into shape.
It feels like something of an anti-climax. Is that it? Is GDPR over? Can legal teams relax and concentrate on something else?
The all-important DPO
The answer is a resounding 'no', of course. GDPR is in full swing, and no doubt everyone is itching to see its first victim, partly to put some more definition on some rather fuzzy rules.
The ultimate responsibility for compliance rests on the shoulders of each company's Data Protection Officer. It is they who will have the final say on company processes going forward, and on the actions of the third-party companies they trust with their personal data.
Although they don't have to be a full-time employee, your DPO must have an in-depth knowledge of the rules and requirements of GDPR, be technologically savvy, and preferably be backed by an expert legal team who can advise them. If your company isn't 100% confident in this person, it's most definitely time to find one who deserves your trust. Given the size of the fines laid out by GDPR, an experienced and knowledgeable DPO is harder to find and recruit than ever.
Impact on recruitment industry
GDPR has also had a significant impact on the recruitment industry. Given the need for individuals to opt in, bad-practice and cowboy recruiters have been severely hampered. Although the worst of the worst will probably carry on unperturbed, the hefty fines will put many off. It offers quality recruiters an even greater chance to flourish against a backdrop of more positive PR.
Although data protection was important before GDPR, it's now an even greater requirement for a business's in-house legal team to have data experts. As mentioned already, the penalties could be huge – 4% of turnover or £20 million, whichever is greater. Numbers worth remembering.
Finding the right candidates is tricky, because they need the relatively unusual mix of legal knowledge and experience as well as a sound technical understanding of data processing and storage. They must also be aware of how marketing teams operate, particularly in regard to user data, in order to advise them on best practice without overtly stifling their creativity.
Although the talk about GDPR has quietened from the deafening roar of questions and opt-in emails we experienced in May, its impact has really only just begun. Companies with solid internal teams can breathe easily. Those without should be looking to recruit the necessary skills or face the unknown – but potentially very expensive – consequences.