The General Data Protection Regulation, more commonly known as GDPR, came into effect in May 2018. It is one of the most significant data protection updates of the last two decades and marked a landmark change to data protection and privacy laws across Europe.
The GDPR legislation was completed in April 2016, and companies have been trying to become data privacy compliant ever since. It is not restricted to businesses and companies based in the EU; it also applies to those outside the EU that wish to do business inside the EU. It is well known that GDPR has paved the way for far more transparency around data breaches. Organisations are now responsible for informing the appropriate data protection body of any notices they receive under EU rules. Organisations are also accountable for informing users about how their data is used and for providing clear opt-outs from contact lists or data sharing.
The first evaluation of GDPR as a legal framework is due by May 2020. It is critical not only to evaluate what GDPR has achieved in the last two years but also to consider some of the challenges that await in 2020 and beyond.
- Understanding GDPR:
One of the first challenges faced by organisations is understanding the GDPR compliance requirements. According to Symantec's State of European Privacy Report, about 90% of organisations say it will be a challenge to delete customers' data, and 60% said that they do not have an existing system in place that could delete customers' data. However, the more concerning statistic is that over 41% of marketers admit that they do not understand the GDPR law and the practices they need to adopt around the use of customers' personal data.
- Additional resources:
GDPR also requires some organisations to appoint DPOs (Data Protection Officers). This can lead to increased hiring costs. Firms also feel that GDPR compliance can limit their ability to run a profitable business in the EU. While some organisations have moved their companies outside the EU, others have changed the way they work within the EU and use customers' data. Some organisations have also found ways out and opt-outs to avoid having to comply with GDPR. For instance, Facebook rerouted over 1.5 billion users to ensure that they are not protected by GDPR.
- Fines due to compliance failures:
Firms also face penalties if they fail to understand and respond appropriately. Data from Infosecinstitute.com suggests that GDPR-related fines have already amounted to over €360M. This includes fines faced by some of the top firms, such as British Airways, Marriott, Google, etc.
Companies have spent a great deal on becoming GDPR compliant and adhering to the new policies. However, looking ahead to 2020, it might still be a challenge to be fully compliant with all the procedures. Firms that fall short on their data protection compliance requirements will need to pay hefty fines. Also, any extensions that the ICO (Information Commissioner's Office) may have issued to companies to become GDPR compliant might now have expired.
In such cases, hiring a specialist firm can help you understand the compliance requirements better and become GDPR compliant. Relentless offers a full gap analysis report with remediation steps that can help your firm become GDPR compliant.