GDPR – One year on

The landmark legislation gave people the ‘right to know’ when their data had been hacked.

an illustration of GDPR as a padlock with EU Flag

Friday, 7 June, 2019

12 months on from the implementation of Europe’s landmark General Data Protection Regulation (GDPR) almost 145,000 complaints have been registered and after initial criticism the world is now adopting the game changer.

The GDPR was launched on 25th May last year to bolster the rights of internet users and required companies to request the explicit consent to use our personal data collected or processed within the European Union. It also gave people the ‘right to know’ when their data had been hacked.

The main aim of the rules has been to empower people and help them to gain more control over their personal data. This is already happening – people are making use of their new rights and more than two-thirds of Europeans have heard about the regulations.

- Vera Jourova: Justice and Consumer Affairs Commissioner, European Union

While there have been 144,376 complaints registered with the EU’s national authorities in charge of enforcing it, there were some 450 pan-European cases opened that crossed borders within the EU.

The complaints have resulted in some severe penalties none more so than France’s record fifty million euros fine brought against Google for not doing enough to inform users on how their data is used.

It is fair to say that the EU’s boast that GDPR has been the biggest shake-up of data privacy regulations since the birth of the web has merit. Whatever the validity of such a boast it is undeniable that it has set new, higher standards as the mood is now for greater scrutiny of tech giants such as Facebook, Google and Amazon.

Given the scandals that these companies have faced recently, other countries have been prompted to enact their own data regulations based on the GDPR model.

Last year the US state of California, home of Silicon Valley adopted stringent data legislation inspired by GDPR, and Japan likewise actually worked with the EU to produce its own legislation.

The EU has acknowledged that the transition for companies has not been easy. Millions of euros have been spent to comply with the regulations. Much of this has gone into upgrading how the companies handle vast amounts of daily data streaming.

Many companies face a major problem – their IT system was designed around providing services, but not around the data, which is constantly duplicated in all directions, sent to multitudes of providers and suppliers.

- Gerome Billois: IT Service Manager, Wavestone

One example of this is the fact that 31% of companies failed to implement the GDPR’s ‘right to be forgotten.’ Not for nefarious reasons but simply because they didn’t know where the data was.

While there have been all round pats on the backs for its first year, many acknowledge there is a long way to go. And at present three EU countries, Portugal, Slovenia and Greece have yet to implement the regulations.

Commissioner Jourova said that her commission was working hard to ensure a smooth implementation across the continent. She also said she wanted to help smaller companies to meet their new obligations.

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.