25th May GDPR deadline looms… Should employers panic?

In theory yes! In practice possibly not. We outline 5 reasons why you might relax.

ICO audits

At the beginning of May it was far from clear how the Information Commissioner’s Office (ICO) was going to audit the General Data Protection Regulations (GDPR). We are still not clear but, even so, if the ICO was not clear at the beginning of May it will be surprising if it is able to start audits at the end.

Subject Access Requests

These are, arguably, the biggest threat to employers: requests raised vexatiously in pursuit of some grievance. But if employers have good employee relations and transparent grievance procedures then these should not happen. Even if they do, then you have a month in which to respond. Not long, but longer than between now and the 25th May. And you need to receive a request first.

The seriousness of non-compliance will grow, gradually

Talk of big fines means the ICO is not toothless, but running around shouting “Don’t panic”, “Don’t panic”, “Don’t panic” is pointless. In most cases there will be early steps, such as an order from the ICO that incorrect information is corrected.

The ICO may be overloaded

We spent nearly two hours on the ICO helpline last week. We were thanked for waiting countless times but still did not receive a reply.

There are over 5 million SMEs in the UK. If one employee in 1% of those businesses raises a complaint that will be 50,000 complaints – that’s more than the population of Wilmslow where the ICO is located. It is hard to understand how it will cope.

Data protection is widely ignored

There is plenty of evidence of this around. What the GDPR is primarily doing is to remind employers is that some things they should have been doing over 30 years ago need to be done. Our advice is to do them – as soon as you reasonably can.

Malcolm Martin FCIPD

Author Human Resource Practice

Training Courses

Click here to register for one of our Training Courses.