Supporting the Public In the first year of GDPR, many people have started to realise the potential use of their own personal data and the benefits of protecting it. This has bought about an improved awareness associated with laws, more specifically individual data rights, along with more awareness linked to the roles of regulators where these rights are not being respected. Studies performed in July 2018 revealed that 34% of people have more confidence and trust in organisations and companies using and storing their personal data (information), which is up dramatically from the 21% stated in 2017. In March this year, the ICO (Information Commissioner's Office) surveyed Data Protection Officers (DPOs). Of those surveyed, 64% said they either strongly agreed or were in agreement with this statement: “I have seen an increase in service users and customers exercising their information rights since 25 May 2018”. The figures are formatted in order to round them off to the closest whole number. The increase in this awareness is supported by the ICO’s Your Data Matters campaign. This campaign is aimed at increasing awareness when it comes to improved data-protection rights that individuals now have with GDPR, which highlights how individuals are able to exercise such rights along with promoting our guidance products online. This particular campaign has resulted in a 32% increase in people accessing our site. The statement “I have seen an increase in service users and customers exercising their information rights since 25 May 2018”, is a result of us working to ensure we are consistently supporting the public. This has come about through one or more of our public-facing services and through organisations that have used our tools that we made available to companies large and small, in order to clarify these new rights and laws. We also launched various investigations in order to address and highlight otherwise invisible or opaque processing of personal data and information in order to alert the public on the way in which their own data is used. The Data Protection Officers In addition to this, the push in order to prepare and comply with GDPR, encouraged organisations to conduct a number of significant changes. They were forced to examine the legal basis of how they collect personal data, how they store the data that is held, study how the data is used over their different supply chains along with refreshing their consents. This promoted an understanding and engagement of these responsibilities and rights under this new regime, which is now reflected within the nature and volume of our overall engagement and contact with individuals, organisations and businesses. The ICO helpline, written-advice and live-chat services have already received more than 470,000 contacts over 2018 and 2019, which is a dramatic 66% increase from 2017 and 2018. In the bigger organisations, GDPR has emphasised a much larger responsibility on the DPOs, which has bought with it an ongoing challenge in association to normalising these latest regulations. When the ICO surveyed the DPOs which forms a portion of the DPPC 2019, responses indicated that most of the DPOs agreed that they have received more than enough support in their organisation. Culture which is regarded as important was once thought to be the largest issue present for the implementation of GDPR, so it is really encouraging to view that a minimum of two-thirds of all the respondents said they were content with the support they received from senior leadership. Over 90% of the DPOs had accountability frameworks in place, while 61% reported back that the framework that they use is understood well within their organisations. Overall, around 3 quarters of the DPOs stated that their messages on information rights were received by senior leadership teams, and that they felt they were being supported in the way of developing these frameworks in order to embed such rights into their organisations. It is clear that the progress has been positive in less than a year, yet maintaining momentum is going to be key. It will still be awhile before GDPR is truly embedded and we have an understanding of the impacts of this latest legislation. SMEs In addition to the DPO community, the ICO understands that it is has not been an easy task for smaller organisations to advance into becoming GDPR compliant. The legal basis involved in processing, privacy policies and data auditing takes some time to gain an understanding and unfortunately there is no quick-fix in place to ensure that personal data of individuals is being legally processed. However, for these organisations Trident Assurance Services can look after GDPR compliance on an outsourced basis. It has been even more difficult for the sole traders. To assist this important community with understanding what their responsibilities are, the ICO have offered resources, guidance, and support on their site which is tailored to the requirements of the small organisations and sole traders, which includes FAQs, toolkits, podcasts and checklists.