Tomorrow, the 25th of May, marks the first anniversary of GDPR’s implementation in the EU.
Alongside the “right to be forgotten”, GDPR also requires that a breach be notified within 72 hours. Fail to comply, and the fine can exceed €20 million or 4% of the company’s annual revenue (whichever is greater).
Since its implementation, the results have been noticeable. An Oxford University study found that news sites adapted to the regulation very well: the number of cookies that news websites placed on their users’ devices without consent dropped by 22%. According to the European Commission, 95,000 GDPR-based complaints have already been filed with the data protection authorities.
A recent DLA Piper survey unveiled the most commonly seen reasons for being fined under GDPR:
– Failure to hash passwords
– Leaking health data on the internet
– Operating an excessively wide CCTV network
– Misusing personal data for advertising needs
Overall, there is still a lot to be done in terms of compliance. For example, 53% of companies still have more than 1,000 files containing sensitive data that can be accessed by every employee.
Following in the footsteps of GDPR, other similar regulations will soon see the light of day, one of which is the California Consumer Privacy Act (CCPA). It will take effect on the 1st of January 2020.
Now, only one question remains. Have companies learned anything from GDPR and its implications, or will history repeat itself once again?