Do you remember your inbox overflowing with emails asking if you were happy for businesses to continue holding your information? Well, it has now been a year since the EU launched its data protection law, GDPR. The new law was introduced to provide EU citizens with greater control over the information companies hold about them.
As it’s one year since the General Data Protection Regulation (GDPR) came into effect, what have we learnt so far?
What Does GDPR Mean for Businesses?
GDPR puts consumers in the driver’s seat as they have complete control over what happens to their personal data. However, as much as the consumers are in control, it is the businesses that must put the appropriate compliance measures in place.
When GDPR was introduced, it caused pandemonium for businesses throughout the EU as the way many businesses stored, collected and processed data needed to change. All organisations and companies that work with personal data required a data protection officer to oversee GDPR compliance.
Businesses are legally obliged to ensure any personal data is processed lawfully and transparently. Data should be collected and used for a specific purpose and, once the objective has been met, safely deleted as it is no longer required – known as the ‘right to be forgotten’. Companies that do not comply with the new GDPR regulations face fines and sanctions.
What Difference Has It Made?
GDPR has only been in effect for a year, but regulators have issued numerous fines to businesses that do not comply with the regulations. Google were recently fined a mammoth €50m by the French data protection watchdog for lack of transparency, inadequate information and lack of valid consent regarding advert personalisation.
Businesses making the news over fines for data breaches has only heightened the importance of compliance for companies, both big and small. Whilst the big fines are so far reserved for the big players, the level of potential fines for non-compliance is high for everyone and has the potential to bring a business down, either financially or in terms of its reputation. Creating public trust in an organisation's treatment of personal data should be a high priority.
How Are Companies Dealing with It?
GDPR compliance requires ongoing attention, which brings its own set of challenges. Whether big or small, companies are having to deal with new regulations and implement new processes regarding the collection, storage and usage of personal information in their day-to-day business.
Keeping on top of data can be a tricky thing, especially when businesses are evolving the services that are available to customers. One year later, the expectations and requirements of GDPR are still high, with companies still working hard to maintain data compliance. Companies are having to invest in infrastructures that are safe and secure to maintain GDPR compliance now and in the future.
GDPR in the Future
GDPR compliance requires ongoing attention and is not a one-time fix. The EU does not appear to be in a position to relax GDPR compliance requirements, and the regulation looks to be here for the long run.
There have been almost 60,000 data breaches reported across the EU to the ICO and its European counterparts. The UK is third in the list by number of breaches reported. The types of breaches complained of range from emails sent to the wrong recipient to large-scale cyber attacks. Around 90 fines have been issued, but clearly there is a backlog of notifications for the European data regulators to address. We can make sure that your site complies with GDPR, so get in touch and avoid the fines!