Nine months have passed since the GDPR legislation was introduced. Are you concerned about compliance? Are there elements of GDPR you are uncertain of? Whether it's world-wide headline scandals or small, unheard-of breaches, the new regulation has been vigilant in imposing itself on non-compliant businesses. Here we cover the effects of GDPR since May 25th and how to maintain compliance.
What Does GDPR Stand For?
GDPR (General Data Protection Regulation) is the new framework for data protection laws in the EU, replacing the 'outdated' 1995 data protection directive. Designed to modernise data protection laws in line with the digital age, GDPR gives EU citizens more control over their personal data and makes businesses more accountable for mismanaging it.
Has GDPR had an impact on your inbox? You have most likely noticed a reduction in SPAM emails and a rise in emails asking you to opt in or opt out, not to mention every website you visit asking for permission to track cookies.
What Is The Impact of GDPR?
So, nine months on, what is the impact of GDPR? Since the new regulation came into effect across Europe we can almost certainly see key changes in consumer and business behaviour. But what are these changes? Here we review the impact it has had on businesses.
GDPR Is Making People More Aware Of Their Data
With public awareness of the use of personal data higher than ever, it is no surprise that people are more conscious of how their data is used and are scrutinising it a lot more. The UK regulator received almost three times as many complaints in 2018 as in 2017.
A more recent joint statement by First Vice-President Timmermans et al. on Data Protection Day noted that Data Protection Authorities had received more than 95,000 complaints from citizens to date, suggesting that customers are starting to exercise their right to be informed.
The increasing number of complaints forces businesses to consider whether they have the right systems in place to manage data requests. If your staff or clients submitted a data request to you, could you respond in a timely manner?
GDPR Is Making Businesses More Transparent
We've never been hesitant to talk about the importance of cyber security and the risk of cyber-attacks, or even about how GDPR has a negative effect on cybercrime, as ironic as that sounds. But if Uber's case is anything to go by, since GDPR came into effect, transparency on breaches and the management of data has become a focal point.
We are seeing more businesses self-reporting breaches, ranging from small incidents such as sending an email to the wrong recipient to front-page headline hacks affecting millions of people. DLA Piper reports that since GDPR's implementation on 25th May 2018, more than 59,000 breaches have been notified to regulators, with the United Kingdom ranking third by number of notified breaches.
Cybercrime and data breaches are a high risk to business data. Organisations should be reminded to notify their local data protection authority of a breach within 72 hours of discovery to ensure compliance.
GDPR Is Making Businesses More Accountable
If you've been reading the news lately, you have likely heard about the nearly 50 million user accounts that were compromised at Facebook, or the 500 million hotel guests impacted in the recent Marriott hotel hack.
But these incidents are only scratching the surface. As public awareness increases and major hacks are broadcast more often, we are seeing a trend towards holding businesses more accountable for the information they store on their customers.
Before GDPR was introduced, misuse of data seemingly went unpunished. Now, hefty fines and penalties of up to €20 million or 4% of the company's annual turnover, whichever is higher, are issued against organisations that fail to comply.
So far the number of fines remains relatively low, with only 91 reported fines having been imposed under the new GDPR regime.
BBC News reports that Google was hit with a £44m GDPR fine over ads. It's not quite 4 percent of the company's annual global revenue (reports suggest this could amount to a whopping £106 billion!), but it has been the largest fine issued under the GDPR so far.
No doubt, these astonishing figures should leave any non-compliant company quaking in their boots.
Checklist For GDPR Compliance
With all this considered, are your business and data management processes compliant with GDPR regulations? Here is our checklist to help ensure compliance.
- Designate someone responsible for ensuring GDPR compliance across your business
- Create awareness amongst decision-makers about GDPR guidelines and train staff on protecting and managing data
- When in doubt, ask first and make sure you obtain customer consent
- Make it as easy for customers to withdraw consent as it was given in the first place and respect the right to be forgotten
- Identify and determine what information you really need for your day-to-day business activity
- Data breaches will always be a risk and are almost inevitable, so be prepared to notify your local data protection authority of a breach within 72 hours of discovery