GDPR: TWO YEARS ON

Security Advisor Middle East|May 2020

GDPR: TWO YEARS ON
THE ENACTMENT OF THE GENERAL DATA PROTECTION REGULATION (GDPR) IN MAY 2018 HAS PUSHED MANY ORGANISATIONS TO RE-THINK THE WAY THEY MANAGE, UTILISE AND PROTECT DATA. WITH ITS SECOND ANNIVERSARY FAST APPROACHING, HOW HAS THE REGULATION IMPACTED THE DIGITAL PRIVACY LANDSCAPE AND HOW ARE ENTERPRISES COPING? DANIEL BARDSLEY INVESTIGATES.
Two years ago this month, Security Advisor Middle East posed a stark question on its front cover, asking, “GDPR: Are you ready?”

It was on May 25, 2018 that the General Data Protection Regulation took effect, so the hope is that organisations have by now come to terms with the brave new world heralded by the far-reaching rules.

The European Union, which is behind the regulations, has clearly been taking them seriously, because multiple heavy fines have been levied for breaches.

The legislation states that organisations can be fined up to EUR 20 million (AED 79.9 million) or four percent of their annual turnover, whichever is greater, for transgressions.

As of late April this year, well over 250 fines had been levied – excluding any that may not have emerged publicly – and while many have been for just a few thousand euros or less, others have involved eye-watering sums.

In the most serious cases so far, British Airways had its wallet lightened to the tune of more than EUR 200 million, Marriott International Hotels by slightly above EUR 110 million and Google by EUR 50 million.

GDPR was introduced in the wake of multiple cases where the data of consumers had been leaked.

Aside from the headline-grabbing fines, and the many other smaller penalties, what has the implementation of GDPR meant for companies? An interesting analysis of this came from a paper published earlier this year by Digital Europe.

Entitled Almost two years of GDPR: celebrating and improving the application of Europe’s data protection framework, the report notes that the legislation has sparked widespread investment in data compliance across industry.

As well as aiming to cut the risk of data breaches, the legislation strengthens the hand of individuals when it comes to determining how their data is stored and used.

As a result, organisations have had to look at how they collect, store and retain data to ensure that they do this only where necessary, and have been forced to assess the relevance and need for the data that they control.

“IT’S BEEN A ROUGH ROAD AND MANY COMPANIES ARE STILL NOT THERE WITH THEIR COMPLIANCE, BUT THOSE THAT HAVE TAKEN THE JOURNEY ARE LIKELY TO BE STRONGER AS A RESULT.” - Brian Chappell, BeyondTrust

articleRead

You can read up to 3 premium stories before you subscribe to Magzter GOLD

Log in, if you are already a subscriber

GoldLogo

Get unlimited access to thousands of curated premium stories and 5,000+ magazines

READ THE ENTIRE ISSUE

May 2020