The GDPR presaged a new frontier for data privacy regulations. Enforcers were given the power to issue massive fines. Consumers were now in the driver’s seat when it came to how companies obtain and use their personal information.
So, three years on, how much has changed when it comes to data privacy? We’ve rounded up three articles that help explain the financial, technological, and post-COVID impact of the GDPR on data privacy and security today.
1. GDPR-related fines have increased by 40%. And that number is only going to go up.
The massive fines GDPR regulators can issue have been the subject of much discussion over the past three years. After a slow start, likely to allow businesses breathing room as they overhauled their data processes, the regulators have begun to flex their muscles.
A new report from DLA Piper’s data protection team reveals there has been a 40% increase in GDPR-related fines over the past 12 months.
To date, the largest fine is for 50 million Euros, issued by French regulator CNIL against Google for a breach of transparency rules.
The other most significant fines - issued to British Airways and Marriott for leaks of personal details of hundreds of thousands of customers - have been reduced to a fraction of their original amount because of the COVID-19 pandemic.
According to reporting from ZDNet, regulators are only getting started, and penalties are “going to get much bigger.”
2. The GDPR may already be out of date
Since the GDPR was made into law three years ago, the data security landscape has shifted. In an interview with the Financial Times, GDPR founder Axel Voss warned data security is at risk from new technologies not regulated under the GDPR, such as “blockchain, facial or voice recognition, text and data mining…artificial intelligence.”
Voss believes it might be time to revisit the GDPR to incorporate not only the emergence of new technologies but also “the widespread move to homeworking” post-pandemic. Continue reading about new challenges to data security.
3. What does post-COVID data security look like for businesses?
With different working practices comes new threats to data security. As workforces have become more distributed post-COVID 19, cloud usage has increased. So have opportunities for hackers to obtain sensitive and personal information by exploiting security vulnerabilities.
CPO Magazine explains it will be CSOs and CIOs that will feel the pressure of data security most as businesses adapt to changing work practices: “protecting, detecting, and responding to security threats in the cloud is vastly different than traditional IT, on-premises and architecture models.” Continue reading about the future of data security.
The first three years of the GDPR brought substantive changes to data privacy. Businesses have a much greater understanding of their responsibilities as data processors. And consumers have better protections against damaging breaches of their personal information.
With newly emerging technologies and a widespread shift to remote working, the only question that remains is what the next three years will look like.