The General Data Protection Regulation (GDPR) is nearly one year old, having come into effect on May 25th 2018. Many businesses in the UK and abroad have made amendments to elements of their practices to ensure GDPR compliance. As with any substantial change, there has been a steep learning curve and inevitable growing pains. With the one-year mark fast approaching, it seems an appropriate time to look at the impact and success, if any, of GDPR.
Apr 2019
UK & Europe
DLA Piper revealed that European companies experienced nearly 60,000 breaches of GDPR in the initial 8 months. Among the nations with the highest number of breaches were the Netherlands at 15,400, Germany at 12,600 and the UK with 10,600.
The breaches ranged from minor incidents to major cyber attacks across the public and private sector throughout the EU. DLA Piper partner Ross McKean commented: “GDPR completely changes the compliance risk for organisations which suffer a personal data breach due to revenue based fines and the potential for US-style group litigation claims for compensation.”
So far, 91 fines have been handed out to offending parties, the highest being a £44 million fine imposed on Google in France, although this is currently being appealed. More fines are expected to follow over the coming year as the regulators clear their backlog of notifications.
USA
GDPR may spread further afield in the future. There have been calls to bring GDPR to the USA. Mark Chandler, chief legal and compliance officer at Cisco, has called for US politicians to follow the EU by introducing similar regulations to GDPR. Mr Chandler said: “We believe that the GDPR has worked well and that with a few differences, that is what should be introduced in the US as well.” This could create a much larger system of accountability when it comes to data protection.
Confidence in Compliance
According to Dell Technologies Research, 31% of business leaders do not trust their own organisation to effectively comply with GDPR. The study consisted of 4,600 businesses and found that 26% of participants felt that their company was not able to protect their customer data, while 78% said they felt digital transformation needed to be more widespread in their organisation. One in three feared that they would be left behind within the next five years. Michael Dell, chairman and CEO of Dell Technologies, commented: “Organisations need to modernise their technology to participate in the unprecedented opportunity of digital transformation. The time to act is now.” It is an interesting sentiment, but one that may be easier said than done, particularly in the context of smaller companies.
Has GDPR been a success?
The short answer is probably yes; however, it is too early to tell. The steps that have been taken have largely been positive. It’s not surprising that Google is seeking to appeal its fine; they stand to lose a great deal of public confidence and they are likely to be fearful of standing by and allowing a flood of heavy fines to swallow them. It wouldn’t be surprising to see fines for GDPR breaches escalating higher as new incidents come to light. Data giants like Facebook and Google are under the scrutiny of a number of nations and this can only be a good thing. There is a long game to play when it comes to the impact and regulation of personal data. We have had glimpses into what it can be used for and the potential damage that may be caused. Though GDPR may not be perfect and is likely to be revised as technology advances, it can only be a positive that there is a much greater awareness of data protection and there is recourse against those who would carelessly use data.
The lack of confidence in compliance does seem disconcerting at first glance; however, we should bear in mind that the surveys done are reflective of opinion and feeling. It is likely that businesses will make a continued effort to become more GDPR compliant, if for no other reason than their wallets stand to become a lot lighter if they fail to comply.
For further information or to discuss your GDPR requirements please contact our Corporate Team.