Implementation of GDPR seems like a lifetime ago. What’s happened since May 2018 and is there anything else that businesses should look out for?
Every year since 2007, 28th January has been marked in the calendar as Data Privacy Day. This was done to increase the awareness and improve the information surrounding how personal data is being used in our quickly evolving digital lives, empowering people to take action.
Since the Data Privacy Day in 2018, there have been vast changes to the data protection landscape in Europe. In short, the EU’s General Data Protection Regulation (GDPR) has been brought into effect.
“As of May 2018, with the entry into application of the General Data Protection Regulation, there is one set of data protection rules for all companies operating in the EU, wherever they are based. Stronger rules on data protection mean people have more control over their personal data and businesses benefit from a level playing field.” - European Commission's description of GDPR
According to research from DLA Piper, the global law firm, there have been over 59,000 notifications of data breaches across the EU since May 25th 2018 - 10,600 of those have occurred in the UK. Of all these notifications, only 91 fines (reportedly) have been dished out.
The most publicised breach, and subsequent fine, has been seen in France. The French regulator, CNIL, handed Google a €50 million fine for ‘a lack of transparency surrounding how to access data policies and for the processing of personal data for advertising purposes without valid authorisation.’
This is a large fine, but it’s barely a drop in the ocean for Google and it is unlikely to impact their functions at all. This said, what it will do is act as a warning shot to other technology firms that work off a similar business model of the non-compliant processing of personal data for targeted advertising.
Other fines have been less high profile, including one against an ‘unlawful CCTV system’ in Austria and a failure by a German company to effectively hash its employees’ passwords.
You might have only just stopped receiving emails asking you to ‘opt in’ to marketing communications and think that you’re free of hearing about privacy regulations, but beware - there’s a sequel. Expected to be finalised at some point in 2019, the ePrivacy regulation will put more of a focus on communications data in the digital world. Despite the collective groans from individuals and businesses across the European Union, it is important that rules are updated to align with the data-driven world we live in.
Communications data contains an enormous amount of information regarding our habits, interests, and relationships. With this in mind, businesses need clear rules to follow. But what about Brexit? Regardless of the UK leaving the European Union, any company wanting to trade with the EU will need to get on board with ePrivacy.
Don’t leave it until the last minute, take an early look at ePrivacy and get an understanding of what your business needs to change!