GDPR Compliance: One Year On, How Has Your Business Been Affected?

Only a year ago, the European Union’s stringent General Data Protection Regulation (GDPR) finally arrived and the business world would never be the same again. But now than the dust has settled, has the expected dramatic shake-up to data protection actually happened? And has GDPR compliance really brought improvements to your business and your customers?

Statistics show that an impact is being made. According to figures from the European Data Protection Board (EDPT), since the countdown ended and GDPR finally came into effect, on May 25th 2018, some €56 million has been issued in fines and over 200,000 breaches have been reported.

These figures relate to the 31 participating European nations, with the 206,326 cases reported providing a breakdown that includes 65,000 data breaches and 95,000 complaints. Some 52% of these cases have been dealt with and closed, while a further 1% is being challenged in national courts. The remaining 47% is still under investigation.

The types of data breaches range quite widely from emails mistakenly sent to wrong recipients to major cyberhacking (British Airways in September 2018).

Record Sums In Fines

With regard to the €56 million issued in fines, the total number does seem rather high, but the vast majority (€50 million) of the figure is represented by a single fine issued to Google in January by French data protection agency, CNIL.

In that case, Google was ruled to have breached GDPR rules on two counts: a failure to meet information and transparency rules, and a failure to secure valid consent for ads personalisation.

And while the sum fined shows a clear intention to punished those who breach regulations, it also falls significantly lower than the proposed 4% of global turnover; in fact, €50 million ($57 million) represents only around 0.04% of Google’s 2018 revenue of €124 billion ($138 billion).

Breach Reporting Trend High

The key difference is the number of cases that have been reported under GDPR terms. Almost immediately, a huge spike in reports was seen. In the UK alone, there were some 1,700 incidents reported in the first month (June, 2018). Since then, the number has levelled off averaging a more respectable 400.

In the first 8 months until January, some 59,000 breaches were reported across Europe, with the majority coming from the Netherlands (15,400), Germany (12,600) and UK (10,600). In terms of breaches reported per capita, Ireland was second after The Netherlands.

The total number of GDPR fines issued are 91, with two-thirds of those issued by the German data protection authority, LfDI Baden-Württemberg (64). The fines themselves, ranged between €4,800 (unlawful CCTV system in Austria) to CNIL’s €50 million fine on Google.

Has GDPR Been Good For Business?

Experts suggest that it has been, with attention to how data is gathered, stored and distributed more acute than ever before. Data protection is no longer seen as only an IT problem, but a shared responsibility of an entire enterprise. There is also greater understanding of risk across the whole business, than at any time since technology took a hold.

To that end, there are 3 ways in which business attitude has been affected by the arrival of GDPR:

1. Data Protection Is Front-of-Mind

GDPR compliance is an ongoing process. Even if you are compliant now, the continuing changes in communication and data storage technology means the terrain is always in flux. It’s therefore extremely important to keep the issue of data protection to the forefront of the agenda. The risk of heavy fines makes this essential.

2. Securing Resources

Maintaining compliance is not easy, with specific resources needed – both in financial and personnel terms. Finding the right people to oversee compliance and then maintain it at every development is difficult with suitably seasoned privacy professionals at a premium.

3. Continued Engagement

Engagement with staff at all levels has also become extremely important, with individuals handling all types of data – from simple phone numbers to detailed profiles – now needing to understand the correct procedures to follow. Documented policies and procedural guides are now a resource every enterprise must have to hand.

If you are interested in learning more about how Kefron can help you with your GDPR compliance, please visit Kefron Services & GDPR.