May 2019

24

Happy Birthday GDPR!

Guys, if you’re anything like me then you’ve been counting down the days, been kept awake with excitement thinking of what to wear and how hard you’ll party for what seems like forever. Yes, that’s right folks, on May 25th of this year our beloved GDPR turns 1 year old! *dries eyes* - they grow up so fast.

We all know that GDPR has been a resounding success but we also know that, like all 1 year olds, there's been some teething problems. So let’s take a look back through our photo album of the past year and see how our little trooper has fared over its first year.

Let’s start with the reason GDPR is in our lives - data breaches. How’s it been doing with those? Well, this is probably the most successful part of GDPR’s short life. Prior to GDPR, there was no single breach notification regulation for the EU. Instead, it was compiled of lots of different interpretations of the 1995 Data Protection Directive (which GDPR replaced) meaning it was a kind of Wild West of data and sensitive information. Then GDPR came sauntering in to bring law and order to a lawless wasteland and created a unified framework for all breach notifications.

A data breach is when personal data for which a company is responsible is accidentally or unlawfully disclosed. If this happens, under GDPR, companies are obliged to report the data breach to their national DPA within 72 hours. The number of these reported in the last year is a whopping 41,502. Crikey! Looks like GDPR is really whipping people into shape!

To add to that, there has been an eye-watering 95,180 complaints made since the introduction of GDPR - a complaint being from those who believe that their rights under GDPR had been violated. The most common types of complaints (no surprises) were concerning telemarketing and promotional emails.

So what’s been happening as a result of these complaints and breaches then? Well, this is where our golden child’s report card slips from an “A+” to a “B - could be better, gets distracted easily” because although the number of breaches reported has been incredible, the total penalties imposed under the statute added up to €55,955,871. Which sounds really impressive until you remember that a single €50 million fine levied against Google in January accounts for nearly 90% of that sum. The vast majority of companies are still not being penalised at all for data breaches or are being fined so insignificantly that frankly, my dear, they don't give a damn.

So as we dry our eyes and close the photo album of the first year of GDPR’s existence, we can let out a big sigh and know that GDPR is the little regulation that is doing its best and making us all proud as punch. Now let’s all join together in singing a big ol’ Happy Birthday - and don’t worry, I received consent from all present, purchased the rights to the song and accepted cookies on all our behalves so no chance of the feds swooping in mid-song.

Posted byAoibheann ByrneinGDPRGeneral Data Protection Regulation