GDPR has the 1 year anniversary. Is the baby more mature?
It has been a year since the introduction of the EU’s General Data Protection Regulation (GDPR).As a reminder (however everyone probably have a nightmares about it), GPDR replaced the Data Protection Directive on May 25, 2018. The regulation aims to protect EU citizen’s data privacy, harmonise data laws throughout Europe, and reshape the way organisations approach data privacy.
On May 22, figures published by the European Commission revealed that:
in 2018, 89,271 complaints have been lodged to data protection authorities regarding GDPR.
only 20% of Europe’s population are aware of which public authority is responsible for the regulation.
Greece, Slovenia and Portugal didn't adapt the regulation yet (!)
Fines for breaching GDPR are separated into two tiers.
up to €10m, or 2% of a firm’s annual worldwide revenue for the previous year, with the regulators choosing whichever is highest.
up to €20m, or 4% of the firm’s worldwide annual revenue, with the fine being whichever is highest.
In February, research by Reynolds Porter Chamberlain revealed an increase
from 25 in 2017, to 145 in 2018 in the number of data breaches reported by financial services firms to the UK’s Financial Conduct Authority (FCA).
On January 21, the French data regulator CNIL penalized Google €50m “for a lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.”
In March, the Polish data protection regulator fined a data brokering company for failing to tell citizens that their data was being processed by the company, which the regulator said denied citizens the opportunity to object to further processing of their data.
On February 21, the Lands Authority in Malta was fined €5,000 for a lack of necessary technical and organizational measures to ensure the security of data processing on the authority’s online application platform.
A survey published by GDPR.EU in May on how small business are faring with GDPR revealed
44% of respondents were not “confident that they always obtain consent or determined a lawful basis before using personal data.”
One year behind us, let's see if it will improve, since personally I fully agree with the principals and data protection idea, definitely needed. The issue is with the executions and interpretations. However - end of the day I believe that GDPR will became a regulation which helps both Customers and Companies.