We have now passed the milestone first anniversary of the introduction of GDPR and, although it is rather sobering to reflect on the fact that European data protection agencies have already issued €56m in fines, €50m of that was directed at one organisation, Google, by French data watchdog CNIL.
So, does this mean that GDPR was just a lot of fuss about nothing? Or are the data agencies preparing for an onslaught after giving European businesses time to adjust to the new rules?
Looking at the latest figures from the European Data Protection Board (EDPB), there were 206,326 cases reported across Europe in the nine months following the new law being introduced in May 2018. Of these, around 65,000 involved breaches reported by a data controller, whereas 95,000 represented complaints. Most have already been resolved, although 1% look set to go to court.
GDPR was introduced to protect the consumer by tightening data security and protecting privacy, but it is fair to say that a lot of the noise surrounding the new regulations has focused on ensuring companies have updated their privacy policies.
The important message, as we mark GDPR’s first birthday, is that GDPR is not a task that must be ticked off. It is a way of life. Organisations should be instilling the principles of GDPR throughout their organisation at every level, from waiting room to boardroom.
GDPR compliance is an ongoing process, and as such it is important to keep staff training up to date so that employees have a really good understanding of how and why privacy should be protected and where the dangers of a breach lie in their own organisation.
One other thing to bear in mind is that there will be fines aplenty hitting the headlines over the next few years. Do not allow yourself to be lulled into a false sense of security by the lack of them during year one. The Information Commissioner’s Office experienced an increase in the number of data privacy related complaints of 160% in the first six weeks after the new GDPR laws were introduced. If businesses were feeling overwhelmed by GDPR issues, so too was the ICO. The dust has settled, the period of grace is over and there is no excuse not to be prepared as we enter year two.
Haddleton Academy offers online GDPR training to help your employees develop a better understanding of data protection and compliance. Our courses are written by lawyers in an accessible format that is easy to use and understand. Find out more at www.haddletonacademy.com