Recently the EU marked the first anniversary of the General Data Protection Regulation (GDPR) coming into force. It is widely regarded as the most important change in data privacy regulation in decades. Its influence reaches beyond the EU: the EEA states Norway, Iceland and Liechtenstein apply GDPR itself through the EEA Agreement, and other countries outside the EU, such as Switzerland, have adopted data protection laws that are heavily influenced by it.
On 22 May 2019, the European Commission published an infographic detailing compliance with and enforcement of GDPR over its first 12 months.
The infographic revealed some interesting statistics, some of which are:
What the future holds for data protection
Undoubtedly, GDPR has played a huge role in raising individual awareness of data protection. Twelve months ago there was a lot of uncertainty about the obligations and requirements it imposes; over time, companies have gradually come to understand the new regulation better.
Privacy and consent remain important priorities for many organisations, and it seems almost certain that Data Protection Authorities (DPAs) will continue to issue larger and more frequent fines and penalties.
Stricter enforcement measures
During GDPR's introductory year, DPAs in all member states were tolerant of compliance breaches, treating it as a transitional period. As GDPR enters its second year, organisations have already started to see enforcement pick up: the UK Information Commissioner's Office has announced its intention to fine British Airways over a large customer data breach, and earlier this week the US Federal Trade Commission fined Facebook $5 billion for privacy violations (a US enforcement action rather than a GDPR fine, but part of the same global trend). In April 2019 the French data protection authority (CNIL) made it clear that the transitional period is over and that it will take a tougher stance when investigating companies' GDPR compliance.
The influence of GDPR worldwide
GDPR's influence can be seen in other legislation introduced recently. In the state of California, the California Consumer Privacy Act (CCPA) follows a similar model, though there are key differences between the two, for example in which businesses must comply and in the financial penalties involved. In Brazil, the LGPD (Lei Geral de Proteção de Dados) provides for lower financial penalties than the European regulation, and companies in Brazil were given a shorter preparation period (originally 18 months from enactment) than the two years European companies had to prepare for GDPR.
One of the main goals of GDPR is to provide an EU-wide regulatory environment for data privacy and security. Overregulation can also have a detrimental effect on customer retention, however, for example when consent prompts interrupt every data process.
Overall, the pros outweigh the cons: the regulation allows users to discover who has their data, why they have it, where it is stored and who is accessing it.
Learn how you can meet the GDPR challenges with a data-first approach in our white paper: Harness the Power of Data-Centric Security to overcome GDPR Challenges