Protegrity Blog

The introduction of GDPR, one year on…

Recently the EU celebrated the first anniversary of the introduction of the General Data Protection Regulation (GDPR). It is widely regarded as the most important change in data privacy regulation within the last decade. Many countries that aren’t subject to EU legislation (i.e. Norway, Switzerland, Iceland, Liechtenstein) have instead adopted regulations that are heavily influenced by GDPR.

On May 22nd, the European Commission published an infographic which detailed the compliance and enforcement of GDPR within the past 12 months.

The infographic revealed some interesting statistics, some of which are:

  • 67% of Europeans have heard of the GDPR.
  • There have been 89,271 data breach notifications.
  • 25 EU member states have adopted the required national legislation, but 3 states remain in the process of doing so (Greece, Slovenia and Portugal).

What the future holds for data protection

Undoubtedly, GDPR has played a huge role in increasing individual awareness of data protection. Twelve months ago, there was a lot of uncertainty about the obligations and requirements of GDPR. Over time, companies have slowly started to better understand the requirements of the new regulation.

Privacy and consent remain important priorities for many organisations, and it seems almost certain that Data Protection Authorities (DPAs) will continue to issue increased fines and penalties.

Stricter enforcement measures

During the introductory year of GDPR, DPAs in all member states were tolerant of breaches of compliance because it was a transitional period. As GDPR enters its second year, organisations have already started seeing an increase in fines, with the news that British Airways were fined for huge data privacy breaches. Additionally, earlier this week, Facebook was fined $5 billion for violating data-privacy laws. As recently as April 2019, the French data protection authority (CNIL) made it clear that the ‘transitional’ period is over, and that CNIL will take a tougher stance when investigating companies’ GDPR compliance.

The influence of GDPR worldwide:

GDPR’s influence extends to other legislation that has come about recently. In the state of California, the California Consumer Privacy Act (CCPA) has been introduced, though there are key differences between the two in areas such as which businesses should comply and the financial penalties involved. In Brazil, under the LGPD law (Lei Geral de Proteção de Dados), the financial penalties involved are lower than those of the European regulation. Companies in Brazil have less time to become compliant (15 months), compared to European companies that had two years to prepare.

The Aftermath

One of the main goals of the GDPR is to provide an EU-wide regulatory environment for data privacy and security. However, overregulation can also have a detrimental effect on customer retention, for example when consent prompts appear in every data process.

Overall, when you assess the positive and negative aspects of this legislation, the pros outweigh the cons, as it allows users to discover who has their data, why they have it, where it’s stored and who is accessing it.

Learn how you can meet the GDPR challenges, with a data-first approach, in our white-paper: Harness the Power of Data-Centric Security to overcome GDPR Challenges

 
