GDPR – one year on, where are we at?

It’s been a year since Europe’s General Data Protection Regulation (GDPR) was introduced. But how much has changed?

When GDPR came into effect, most companies assumed the changes would be instant. But as is the way with such wide-reaching rules, the impact of GDPR has not been immediately obvious. In fact, you’d be forgiven for wondering if it was all a storm in a teacup.

So where are we at with it all?

Many companies struggled to prepare for GDPR, and many have struggled to comply with it – specifically the part that states customers can request copies of the data businesses have about them. 

A year on, businesses are realising that compliance isn’t just about avoiding fines; it can also help boost customer trust and business growth. As GDPR compliance becomes more uniform, customer perceptions will improve over the coming 12 months.

Of course, GDPR is not the only development in privacy regulations. The EU is poised to update its ePrivacy Regulation, dealing with consent for cookie use and treatment of electronic communications. 

The current ePrivacy rules apply to traditional communication channels, leaving the likes of WhatsApp and Facebook Messenger exempt. The new rules would make sure that was no longer the case.

What about enforcement and penalties?

For the first year of GDPR, penalties have been patchy because regulators lacked legal precedents. A study by the International Association of Privacy Professionals (IAPP) looked at the expected timescale between a violation occurring, a complaint being issued and punitive actions being levied. It ‘playfully predicted’ the first GDPR enforcement action would be on 22 February 2019.

As far as predictions go, it wasn’t a bad shout.

On 21 January 2019, France’s privacy regulator CNIL imposed a €50 million fine on Google LLC for violating transparency and consent rules. This move has been widely hailed as a new era in GDPR enforcement, with CNIL paving the way for other regulators to drive the behaviour of global companies via enforcement of GDPR rules.

Other notable GDPR legal actions include the Austrian business owner who was fined for placing insufficiently marked CCTV outside his premises, and the German social media platform that compromised the personal information of 330,000 users, including their passwords and email addresses.

One year on, with a growing bank of legal precedents in place, regulators will be more confident and concise in their rulings.

The future of GDPR

Looking forward, there are signs that GDPR is starting to make an impact on big data ethics. As companies focus more on data governance and data mapping, they are becoming increasingly aware of data usage and storage. Equally, data scientists are taking steps to treat information differently, anonymising it first.

Even though GDPR has been designed to keep consumer data safer, some people believe it increases the risk of large-scale data breaches. The argument is that by focusing more on compliance, companies become distracted and take resources away from cybersecurity.

It’s safe to say that GDPR will change how businesses operate forever. Recruiters need to treat personal information with more care than ever.

If you would like to find out more, get in touch with me today.