On May 25, 2018, the General Data Protection Regulation (GDPR) entered into force in Europe and changed the way we all experience our digital lifestyle. The regulation was introduced to protect the personal data and privacy of all citizens, residents, and visitors in the EU.
It has been more than 18 months since it was introduced, and people have only just become aware of how it works and what their rights are. Most data subjects (users), as they are called in the regulation, still only glance at the consent message and click through to access the site or the application. Users need to be fully informed of their rights so that they can be more careful about allowing their information to be tracked or collected.
According to the GDPR EU report of May 2019, 67% of Europeans have heard about the regulation, and 57% know there is a public authority in their country protecting their rights regarding personal data. Across all data protection authorities, there were 144,376 queries and complaints between May 2018 and May 2019, along with 89,271 data breach notifications. (European Commission, 2019)
Even at this early stage, large fines have already been imposed on businesses. The French authority fined a single business €50 million, and other significant fines have been issued in Germany, Spain, Sweden and other countries.
The more users become aware of their rights, the more complaints will be filed and fines imposed.
One of the main issues is the lack of homogeneity in how each country enforces the regulation. Different countries have different strategies for imposing penalties, as well as different interpretations of the rules.
Another big issue is how to handle technology coming in from outside the EU. The implementation of Big Data and AI will pose the biggest problems, especially with China, which is taking the lead with these technologies. (ComputerWorld, 2019)
Furthermore, things might get complicated once Brexit comes into effect. With Brexit, the UK might decide not to follow the EU regulation anymore, and there might be additional constraints on how data moves in and out of the country.
“We see a lot of disruption coming with Brexit because so many organisations have connections intertwined, particularly with London and the banking and finance aspects,” said Steele Arbeeny, CTO of SNP Group, a software-based company in Germany (ComputerWorld, 2019).
The other area to watch is litigation, specifically over backups. Backups are covered only vaguely in the regulation. Companies are concerned about whether they could be fined for old backups from 10 years ago that may contain sensitive information. It would be challenging to go through all those backups to find where sensitive personal data is held. (ComputerWorld, 2019)
The way forward on all of these issues is to provide more training to data subjects, data controllers, and data processors; in plainer terms, to users, companies, and their partners or vendors.
The better the whole ecosystem understands its rights and limitations, the better the digital lifestyle experience will be.
GDPR authorities need to continue working together to homogenise the enforcement of fines and to clarify vague details of the regulation. Furthermore, they need to work with other countries to make sure that the digital experience is seamless for all users, and that privacy and personal data are always respected regardless of where we live.
ComputerWorld, 2019. State of GDPR in mainland
Available at: https://www.computerweekly.com/ehandbook/State-of-GDPR-in-mainland-Europe
[Accessed 21 November 2019].
European Commission, 2019. Library. [Online]
Available at: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules/eu-data-protection-rules_en#library
[Accessed 21 November 2019].