GDPR – a review
It has now been over a year since the introduction of the dreaded GDPR. In the months preceding its incorporation, board and meeting rooms were awash with worried mummers and apocalyptic prophecies – but what has actually been the effect of GDPR?
A little intro
The background to the introduction of GDPR is well known. We have all seen the headlines declaring big data as the new oil and corporations such as Facebook, Apple, Microsoft have been keen to take advantage of this new commodity. Coupled with various data breaches such as the Cambridge Analytical scandal, data protection has taken the political central stage. GDPR was an effort to police and foster greater protection of individual personal data throughout the EU.
It has been calculated by the European Data Protection Board that the total penalties imposed under the legislation totalled €55,955,871. However, 90% of that sum represents a single fine imposed on Google for €57,000000 in January 2019.Considering the fact that notifications of data breaches doubled with the introduction of GDPR in the UK alone, these figures can seem somewhat underwhelming.
However, measuring the impact of GDPR on fines levied against business may be an inadequate and one-dimensional approach of measuring the success of the legislation. Some commentators have noted that despite the lacklustre figures, GDPR has helped facilitate an awareness of the importance of individual personal data, specifically how it should be processed and stored by businesses. There is also an increased awareness from individuals regarding their data rights and how it can be processed by organisations. It is fair to say that after its introduction, most organisations made the effort to redefine and refine their policies surrounding the process of data, leading to greater transparency in the area.
All in all, it is too early to measure with certainty the success of GDPR. Implementation of what is a cultural shift in attitudes towards personal data will enviably take time.
“Coupled with various data breaches such as the Cambridge Analytical scandal, data protection has taken the political central stage. ”