GDPR has empowered people like never before to control their own personal data. One year in, it’s clear that the full impact of GDPR still hasn’t been felt and that there is very real feeling that we will soon start seeing companies of all sizes being brought to book for failing to adhere to legislation.
What is very clear is that we will see more penalties in the near future.
There are several major investigations currently ongoing, and officials have said that there will be more announcements later this year.
There have been over 200,000 complaints sent to authorities, 65,000 data breach notifications, and regulators have handed out GDPR fines totalling €56m (£49.4m) – the majority of this however was a single €50m penalty handed to Google in January.
There will be more pressure to comply to GDPR and the ramifications of ignoring it will be felt far and wide.
The U.S. is even starting to feel the pressure – privacy standards in California go into effect next year. Like GDPR, the CCPA puts greater restrictions on how businesses can collect and use consumer data.
In the UK, the task of compliance continues to pose new challenges.
Over the past year there was a concentrated effort on understanding the lawful bases for processing, perhaps best seen by the flurry of re-consent emails sent out.
As people’s awareness of rights continues to grow, organisations are having to deal with an increase in the number and complexity of individual rights requests, such as subject access and the right to be forgotten.
And the ever present threat of data security breaches, and how best to deal with them, hangs over all organisations.
The uncertainty surrounding Brexit and its potential impact on international data transfers is continuing to cause concern. Nobody – least of all the politicians – have any idea what effect Brexit will have on legislation and yet the body of enforcement actions will continue to grow.
The CEO of The Data Support Agency Nicola Hartland said: “It’s now been 12 months since GDPR was brought in and organisations have been duty-bound to comply with the legislation.
“I’m in no doubt that if businesses continue to ignore data privacy laws then the coming year could see an increase in the number of fines handed out and organisations need to be aware of the financial risks and the threat to their reputations if they just sit back and do nothing.
“That’s why our cloud-based software platform iCaaS will now help companies move forward to the next phase of GDPR and follow good data management practice or else risk heavy fines and risk to reputation.”
What has happened over the past year is that GDPR, along with high profile scandals like the Cambridge Analytica data fiasco, has helped to raise consumers’ awareness of not only how much data they are producing, but also what companies might be doing with it.
GDPR has given people practical tools to hold companies to account and protect their privacy. Recently, we wrote about when Prince Harry had used GDPR to help win a legal battle with the paparazzi agency Splash News.