GDPR had its third anniversary in May 2021, and now seems like a good time to assess its status. The original premise of the laws was built around creating a digital trust that would fuel the global economy, but the first headlines about it were largely focused on penalties for companies who failed to comply. So, the question is: What have the real-world effects been?
We look at how GDPR has been enforced, how it has influenced global regulations, and how PrivIQ is built to keep companies compliant.
Seeing how threats of fines dominated the headlines, we’ll look first at the financial consequences of GDPR. According to its Enforcement Tracker, there have been 683 total fines issued totaling more than €290 million to date. For reference, in May 2021, there were 663 total fines, and in April 2021, there were 633 fines.
The most famous fine was issued to British Airways for £183 million, though this was later reduced to just £20 million. The most affected countries in terms of numbers and overall financial burdens were Italy and Spain.
GDPR relies on supervisory authority to enforce, and, unfortunately, this is the fatal flaw in the plan. While the laws give officials a solid framework to both devise and implement policies, the actual application and oversight of the laws aren’t as cut-and-dry. Known data breaches may take months to look into, simply because there are only so many hours in a day and so many people available to address the problem.
Many have made the argument that the purpose of GDPR is to raise awareness.
The framework was designed to draw attention to the ways in which consumer data can be mishandled. When employers have clear reference points, they’re more likely to write policies that address the clauses. When employees are more knowledgeable about the rights of consumers (and the consequences of violating them), they’re more likely to follow procedure. If this is true, you might say that the status of the laws is a rousing success.
More organisations than ever before have structured their protocol around the new laws or at least revised past practices to align with stipulations. It’s inspired more organisations to onboard a Data Protection Officer (DPO), a professional who can provide the degree of oversight a company needs to stay on top of both current and future regulations. The DPO can put compliance measures in place long before the official deadline rolls around.
However, there have still been plenty of concerns raised about how data is handled and tracked, particularly in industries outside of IT. There have even been questions about whether the benefits of GDPR are actually worth the cost. For instance, some critics have noted that consent is rarely ever as straightforward as it seems, and most internet users will click ‘agree’ without ever really reading the fine print. It opens the question of how the letter of the law affects the spirit of the law.
The official response to criticism has largely been silence, and change does not appear to be on the horizon. While some have predicted amendments or major modifications, it seems unlikely this will happen anytime soon.
In addition to raising awareness in the EU, it’s undeniable that GDPR has been exceptionally influential outside its borders too. The California Consumer Privacy Act and the UK Data Protection Act 2018 were based on its framework, and official adequacy decisions will be based on the GDPR standard. Australia is also getting ready to revise its own privacy laws, and officials are turning to GDPR to set the baseline.
So even if there are amendments or clarifications made to GDPR in the future, the general consensus is that the laws will largely remain the same. GDPR has done an excellent job in outlining how consumers should be treated and why it’s important to keep sensitive information from being seen by the wrong parties.
If GDPR is unlikely to dissolve in its current iteration anytime soon, it’s more important than ever for companies to develop a framework of their own to stay compliant. One way this can be done is by implementing software designed to catch mistakes or mitigate disasters as early as possible. Even if the enforcement is patchy at best, a data breach of any magnitude may attract the wrong kind of attention to a company. Eventually, a compliance officer will likely catch up to the problem too.
PrivIQ covers 8 regulations at 23% of the worldwide economy. The software is designed to help companies with the following tasks:
The above regulations are pivotal to GDPR as they address how data should be contained and how consumers can feel more confident when asked for sensitive information. PrivIQ makes it easier to comply with GDPR by giving organisations intuitive tools that staff and leaders can utilise daily. To see how the software helps organisations protect everyone, schedule a demo today.