GDPR one year on – Is it working?

The General Data Protection Regulation (GDPR) legislation came into force a year ago but there is still uncertainty about what exactly it means and what is required.

Standardising data privacy across the European Union hasn’t been an easy task by any means and how to comply with the regulation seems to have proved even harder.

Over the past few weeks, there has been a constant flow of emails and social media posts telling us that it’s been a year since GDPR came into force. But are people listening and has it been embraced by companies?

The past year has been a settling-in period for regulators and organisations. However, there is still a massive grey area surrounding fines, reporting and breach notifications.

So, could this first year be seen as a success as far as breach notifications go, but not so much when it comes to imposing fines on companies that fail to adequately protect their customers’ privacy data?

What is GDPR?

The legislation came into effect on May 25, 2018. However, some organizations still struggle to both understand and comply with GDPR and its complexities.

In the UK, the Information Commissioner’s Office (ICO) is the governing body that oversees GDPR.

The ICO regulates data protection in the UK. They offer advice and guidance, promote good practice, carry out audits and advisory visits, consider complaints, monitor compliance and take enforcement action where appropriate.

GDPR replaced the 1995 Data Protection Directive and aims to strengthen and unify data protection for all individuals within the European Union.

It is the biggest overhaul of personal data privacy rules since the launch of the internet.

One of its aims is to crack down on how companies like Google and Facebook use and sell the data they collect on their users.


GDPR has cut some teeth – there have been fines from the European Commission totalling over £43m (€56m) so far, hitting 91 companies – including £44m (€50m) against Google. But this is just a fraction of the full 4% of companies’ total global revenue they could have imposed.

So, it seems that regulators are encouraging companies to fix the problem first rather than handing out hefty fines in the first instance. But how long will this last? Will it only be a matter of time before we see bigger fines being dished out and companies facing serious problems if they don’t deal with GDPR and adhere to the regulations set in place?

GDPR affects every company, but the hardest hit will be those that hold and process large amounts of consumer data: technology firms, marketers, and the data brokers who connect them.

Even complying with the basic requirements for data access and deletion presents a large burden for some companies, which may not previously have had tools for collating all the data they hold on an individual.


The only way to limit the risk of heavy fines and damage to a company’s reputation is to make sure you are aware of GDPR and the implications of not complying.

Our cloud-based software platform iCaaS helps businesses to manage and maintain their GDPR compliance all in one place. It seems prudent for organisations to protect themselves and limit any chances of being fined for simply not taking GDPR seriously enough.

GDPR is a ground-breaking privacy framework that empowers residents of the EU to control their personal information so they can use digital technologies to engage freely and safely with each other and with the world.

Prior to the GDPR, there was no single breach-notification regulation for the European Union and individual member nations were allowed to write and pass their own breach-notification laws.

There is little doubt that companies that fail to comply with the standards for privacy protection will soon pay a heavy price for ignoring the growing threat of stiff penalties.

Transition year

In March this year, the Association of Privacy Professionals held a talk in London on the GDPR’s first year.

French regulator Mathias Moulin emphasized that this year “should be considered a transition year.”

Stephen Eckersley, the head of enforcement at the U.K. Information Commissioner’s Office, said the U.K. had seen a “massive increase” in reports of data breaches since the GDPR’s implementation. In June 2018, companies self-reported 1,700 data breaches, and Eckersley estimated that the total will be around 36,000 breaches reported in 2019, a significant increase from the previous annual reporting rate of between 18,000 and 20,000 breaches.

Put simply, companies cannot avoid fines for much longer for poor data handling. Backup is key and continuously protecting your data is vital. And better privacy benefits everyone.
