Our Blog: Stuff we think you should know

How the EU’s General Data Protection Regulation is Working After the First Year

How the EU’s General Data Protection Regulation is Working After the First Year

After years of talk about individual data privacy, and years enacting regional laws, the European Union’s flagship individual privacy law, the General Data Protection Regulation went into effect a year ago in May. Suddenly, if your organization does business inside EU member states, you will be under a stringent regulation concerning individual data privacy. Today, we will look at the GDPR and what has changed in the year it has been law.

The GDPR

Prior to the ratification of the GDPR, individual data privacy was the responsibility of the individual. Outside of the EU, it largely still is, but when the GDPR went into effect it opened people’s eyes to just how many of the corporations they come into contact with were misusing their personal data. The GDPR, which grew from individual privacy laws enacted by individual EU states, provides individuals with recourse if they do not approve of the way their data is being used by corporations. Information such as names, physical addresses, phone numbers, email addresses, and medical and financial information were being shared by technology companies. Somewhere in the lengthy terms of service agreement, companies would have language that allowed them to package individual data and effectively use it as an alternative revenue stream. Consumers in the know don’t see this as fair. 

This level of data privacy has been roundly rejected in the United States up until recently, and those who do want to see a GDPR-like law on the books in the U.S. may not want to hold their breath. Before the GDPR was in the news, not many organizations were thinking about how data breaches could negatively affect anyone but themselves. This has led to a wholesale change in the way businesses view data management, the training of their staff, and security investments as a whole. 

After One Year

In the first eight months, over 59,000 personal data breaches have been reported to GDPR regulators. This may be less than you may have liked to see, but it is twice as many as there were in 2017; and, of course, 59,000+ more than anyone wants. The fines levied by GDPR regulators are hefty (up to €20 million, or up to 4 percent of total revenue from the previous year, whichever is larger), so you are seeing an increase aligned and strategic approach to keeping data secure; and, reporting any data breaches that do happen quickly. If you would like to see how the GDPR has fared in its first eight months, download the DLA Piper GDPR data breach survey, here.

The results of the GDPR don’t speak to its effectiveness thus far, but in future reports it will become evident that the law is working to keep individual data secure; or, at the very least, keeping companies honest. Under the GDPR, companies that sustain data breaches have 72 hours to notify the people whose information has been exposed. This strict deadline eliminates the possibilities that companies can manipulate public perception about how they are faring with data security, as you’ve seen numerous times over the past two decades. 

Unfortunately, the huge teeth that the GDPR was built with haven’t been used to bite non-compliant companies thus far. Fines that add up to €55,955,871 have been levied against the companies responsible for the 59,000 and change reported data breaches, an admittedly modest amount when you consider that around 90 percent of that sum was the fine levied against a single company, U.S.-based tech giant Google.. 

According to a French GDPR regulator, this small amount should be considered the result of it being a transition year than some type of long-term ineffectiveness of the law. It remains to be seen just how effective the law can be if regulators aren’t actively enforcing it in a manner that affects the business operations of those at fault. 

The Wider View

Over the past year since GDPR has went into effect, a lot has happened in the U.S. on the individual data privacy front. Not only has the GDPR lit fire under the seats of lawmakers, it has major tech firm CEOs, such as Apple’s Tim Cook, calling individual data privacy a “fundamental human right”. 

While Mr. Cook seems to be in the minority of American tech company leaders (as can be seen by the €50 million GDPR Google fine), it is a step in the right direction. One place where data privacy was a priority is in the state of California. Not long after the GDPR went into effect, the Golden State passed its own sweeping (and rather hastily designed) data privacy law, the California Consumer Privacy Act. The CCP is designed to protect the residents of California from corporate overreach. Colorado, Massachusetts, and Ohio lawmakers followed suit with their own privacy laws shortly after California’s CPA was ratified. 

This is good news for individual data privacy in the U.S. It’s a far cry from only a few short years ago where some of the most reputable companies in the world could regularly lose a person’s sensitive data with no pushback. These situations resulted in some pretty damning situations for online consumers. Federal lawmakers have balked at making waves of their own in regard to data privacy, but if history is any indication, when states begin passing laws that are outside the norm, the U.S. Congress typically acts to fill the breach.

If you would like more information about the GDPR, subscribe to our blog, or call one of our knowledgeable IT professionals at 866.625.3560.

The Cloud Isn’t Necessarily Safe
OneNote 2016 is Dead, Long Live OneNote for Window...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, July 18 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Cloud Privacy Email Hackers Business User Tips Microsoft Malware Business Computing Network Security Hosted Solutions Computer Productivity Software Google Internet Tech Term Communication Data Small Business Mobile Devices Efficiency IT Services Ransomware Backup Workplace Tips Hardware Windows 10 Cloud Computing Smartphone Android Data Recovery IT Support Microsoft Office Saving Money Productivity Upgrade Office 365 Social Media Gmail Managed IT Services Data Management Windows Facebook Users Browser Information Business Continuity Word Data Backup Internet of Things Innovation Managed IT Services Server Phishing Mobile Device Miscellaneous Disaster Recovery Smartphones Passwords App Outsourced IT Windows 10 communications Vulnerability Employer-Employee Relationship Managed Service Provider Artificial Intelligence Cybersecurity VoIP Encryption Network Remote Monitoring Chrome Business Management BYOD Analytics Apps Tip of the week IT Support Applications Money Virtual Reality Office Tips Gadgets Infrastructure Managed Service Hacker Spam Website Content Filtering Save Money Government Big Data Apple Education Data storage Access Control Tablet Risk Management Display Router Wireless Antivirus Firewall VPN Robot Printing WiFi Avoiding Downtime Customer Service Augmented Reality Automation Paperless Office The Internet of Things Employee-Employer Relationship Settings Virtualization Two-factor Authentication Unified Threat Management IT Management Bandwidth Maintenance YouTube Development OneNote Quick Tips Storage Collaboration Retail Scam Search HIPAA IBM Document Management Hacking Solid State Drive Administration Networking Mobile Device Management Outlook Customer Relationship Management Monitors Hard Disk Drive Wi-Fi Data Security Laptop Business Intelligence Mobile Security Presentation Data loss Business Technology Operating System Virtual Private Network Office End of Support SaaS Wireless Technology Computing Safety Bring Your Own Device Company Culture Recovery Google Drive Server Management Password Mouse Vendor Management Holiday Touchscreen Downtime Hosted Solution LiFi Telephone Systems Computers Chromebook Computing Infrastructure Dongle Knowledge Google Wallet Onboarding Smart Technology User Error Motherboard Sports Business Growth Cables Laptops Uninterrupted Power Supply Patch Management Current Events Slack Data Breach Legislation Identity Mobile Office Private Cloud Continuity Mobility Bluetooth Permissions Assessment Corporate Profile User Legal Tech Support Smart Office Co-Managed IT FCC Smart Tech Refrigeration Charging Alerts Service Level Agreement Public Speaking Experience Unified Communications Drones Computer Care Digital Signage GDPR VoIP Distributed Denial of Service Alt Codes Dark Data File Sharing Wires Software as a Service Going Green Social Engineering Samsung Monitoring Hard Disk Drives How To Comparison Running Cable Solar Print Toner Fraud Internet Exlporer Competition WannaCry SharePoint Websites Work Identity Theft Content Business Analysis IT service Heating/Cooling Title II Connectivity Virtual Desktop Social Messaging Licensing Training Desktop Data Warehouse Time Management Managed IT Service Modem Buisness Typing Voice over Internet Protocol Entertainment IT solutions G Suite Spying Solid State Drives Firefox Specifications Compliance Lithium-ion battery Deep Learning Humor Automobile Shortcuts Cabling Value Analysis Employee-Employer Relationships Downloads IT Technicians Optimization Streaming BDR Servers Online IoT Undo Hacks Cooperation Budget Troubleshooting Network Management Break Fix Cookies Marketing 5G Cryptocurrency FinTech iOS Cortana How To National Security Black Friday Techology Regulations Application Halloween sip Security Cameras Managed IT Hotspot Professional Services Remote Computing Students Digital Multi-Factor Security Lenovo Mirgation Recycling Human Error Google Maps Microsoft Excel Star Wars Fun Mail Merge Staff Dark Web Nanotechnology Bitcoin Network Congestion Update MSP Scalability Information Technology PowerPoint Updates Cyber Monday Unified Threat Management Social Networking Scary Stories Best Practice telephony Managing Stress Managed Services Disaster Shortcut Language USB Writing Mixed Reality Spyware Google Calendar Superfish Chatbots IP Address Cybercrime Google Docs eWaste Digital Payment Device Statistics Blockchain Cost Management Printer Address Wearable Technology Politics LED Net Neutrality Screen Reader Hard Drives Windows 8 Migration Domains Upgrades Cleaning Health Alert CCTV CrashOverride Emoji Webcam Windows 7 3D Printing Work/Life Balance Electronic Medical Records Error Emergency Black Market Point of Sale Regulation Unsupported Software Law Enforcement Travel Notifications Botnet Supercomputer Twitter Mobile Data Gadget Staffing Motion Sickness Crowdsourcing Taxes Personal Information Administrator Web Server Machine Learning IT Budget GPS Printers IT Consultant Computer Repair Mobile Computing Processors Cameras Relocation Physical Security Tracking Meetings