GDPR - 1 year later - has anything changed?
It's been over 1 year since GDPR rules came into effect in the UK, but what impact has it had?
Be interested to hear if it has impacted your role?
Have you noted any difference?
Was it all worth it?
We have experienced a number of "right to be forgotten" events. They are cumbersome and administratively heavy.
The impact on my role obviously was an increase in work in this area ensuring all necessary contracts were updated to reflect the changes in Data Proctection Law. What it has also done is enabled me to have a seat on data and security committees which has enabled procurement influence to grow. The difference? The major difference is great transparency between buyer and seller in relation to data and where it is kept and how it is to be used. It's moved from a box ticking exercise to a major consideration in procuring new systems and platforms. Worth it? Hard to measure as contracts I have managed previously and in the here and now haven't been subjected to any breaches of data and the Suppliers have complied with our requirements. IT is worth it for me to ensure not just the organisations, but the third parties too are on their toes in relation to Data Protection and procurement has played a role ensuring that.
I would agree with Michael - some up front work to change T&Cs and make sure incumbent suppliers had the correct arrangements in place but nothing different to ongoing work. I suspect it might have more of an impact on an organisation that has more services that handle data outsourced than was the case in my most recent role.