This time last year many companies were in the grip of panic over the GDPR (General Data Protection Regulation), which came into effect in May 2018. One year on, perhaps it is time to take stock, review the situation and look at what the future holds.
Brexit caused a great amount of uncertainty in the year following GDPR’s introduction, and with the delay of the March 2019 deadline, uncertainty is at an all-time high. So how will data protection laws be affected by Brexit?
All companies that market into the EU will still have to comply with GDPR. Furthermore, the Information Commissioner’s Office (ICO) and the UK Government have made it clear that, regardless of Brexit, the intention is that GDPR should continue to apply within the UK.
So the valuable work of managing your data will not go to waste post-Brexit.
Various fines have been issued since the introduction of GDPR. For example, according to Charity Digital News:
- Equifax was fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber-attack.
- Carphone Warehouse was fined £400,000 after serious security failures placed the data of more than 18,000 customers and 1,000 staff at risk.
- Uber was fined £385,000 for failing to protect the personal information of almost 82,000 drivers in the UK during a cyber-attack.
These are mild fines compared to the US, where Uber was forced to pay $148 million in a nationwide settlement over a data breach.
Uber was also subsequently forced to:
- Disclose data breaches to consumers in a timely manner as legally required
- Strengthen data security policies and procedures
- Implement a program for employees to report ethics concerns to company management
Another interesting case study is the Facebook and Cambridge Analytica case, in which Facebook was fined £500,000 by the Information Commissioner’s Office. This was, however, before the introduction of GDPR and was the maximum amount allowed under the European Union’s old data privacy laws. Had the incident taken place after GDPR came into effect, Facebook could have faced a fine of up to $1.1 billion, or four percent of its global revenue.
It is clear that GDPR was, and is, no joke. As the case studies above show, serious fines have been and will be imposed on companies that do not manage their data in the correct way.
One of our blog titles in May last year was “Preparing your Data for GDPR – Marathon or Sprint?”
In that article we advised that the preparation for GDPR should be a “marathon and not a sprint”. Managing data is not a quick and easy task. Robust, well-structured systems must be put in place that stand the test of time. Is your data still in order? Will your data management tools last the coming years, in which data regulations are only set to get stricter and stricter?
Data management is not a one-time problem that can be solved in one swift brush stroke. Data needs constant care, and as Bill Gates said, ‘How you manage your data will determine whether you win or lose’.