Three things I didn’t really want to combine in the same sentence! Here’s something to lighten the mood before we get into the serious stuff:
Did you hear the one about the Englishman, Scotsman and Irishman?
I’ll let you know when I’ve got their consent.
Brexit guidance and impact
The precise details of the UK’s exit from the European Union (EU) remain unsettled. Combined with recent legislation on data protection and the introduction of the GDPR in May 2018, this leaves companies facing a great deal of uncertainty.
The UK Government has released guidance on data protection if there is a no-deal Brexit, which relies on the EU making an adequacy decision to allow the transfer of personal data to the UK without restrictions. Naturally, there is still no timetable for when this decision will be made, and it cannot be discussed until the UK has officially left the EU.
View the UK Government’s guidance on data protection if there’s a no-deal Brexit here.
For information regarding the UK being awarded adequacy status, click here.
One certainty, however, is that the GDPR has been included within UK law, so you are required to meet the guidelines. But what impact has the GDPR had on business practices and data protection?
Brexit prominence in Annual Reports
A PwC report entitled “The reporting dilemma – balancing the needs of shareholders and other stakeholders” looked at how many companies in the FTSE 350 reference Brexit as a risk.
of annual reports discuss Brexit as part of the risks section
of annual reports discuss Brexit outside of the risks section
do not reference Brexit at all!
If you’re unsure how to report effectively on Brexit's impact on your business, email firstname.lastname@example.org to organise a benchmark of your report against industry best practice.
You can download the PwC report here.
In a study by Eurobarometer in March 2019, 67% of EU citizens had heard about the GDPR, 36% indicated they are well aware of what it entails and 57% indicated they were aware of the public authority responsible for protecting data.
In February 2019, the European Data Protection Board released an overview on the implementation and enforcement of the GDPR.
DPAs from 11 EEA countries reported imposing administrative fines under the GDPR
Total number of cases by DPAs from 31 EEA countries
GDPR complaints in the UK
Data submitted to DPAs across Europe show the UK receiving the most with roughly 51 complaints per 100,000 people.
Aside from the number of complaints, the UK also tops the list with the highest number of breach notifications, averaging 42 per day, which suggests that UK website users and consumers are more likely to report data breaches. If your business is based predominantly in the UK you should ensure your personal data security is fully compliant and your policies/procedures are in place and tested.
So far, a number of high profile companies have been fined under the GDPR including:
Google - Jan 2019
Facebook - Oct 2018
Equifax - Sep 2019
In the PwC report mentioned previously, it is stated that 79% of FTSE 350 companies identify cyber security as a principal risk in their annual reports, demonstrating that it is increasingly proving a material issue for many companies.
GDPR – What’s next?
Well over a year after the GDPR came into force, there is still a long way to go to fully enforce it and for the Information Commissioner’s Office (ICO) to start handing out fines. But the resounding direction for data protection is to ensure you have full transparency with your suppliers and providers on where personal data is stored and how it is used.
If you still don’t have any form of procedure in place to manage Subject Access Requests (SARs) then you should consider following one of the many GDPR checklists available online:
For more information on reporting risks in your annual report or website, please get in touch with email@example.com.