The General Data Privacy Regulation (GDPR) became law in May 2018. It introduced specific requirements regarding how online merchants and all other types of organisation capture and store personal data relating to European citizens.
At the time of its implementation, there was some confusion around the steps organisations needed to take to achieve GDPR compliance. Nearly two years later, organisations may not be aware of what has happened since then, or even whether they still need to take GDPR seriously. The answer is yes, as both fines and public awareness are growing.
As part of its recent Future of Regulation paper, Finextra reported that European regulators have imposed penalties totalling €114 million for GDPR infringements, with €329 million in fines threatened by the UK regulator since the regulation took effect. In 2018-2019, the UK Data Protection Authority (DPA) received over 40,000 complaints, an increase of 50% on the prior year. It’s a similar story in France, where complaints were up 32% to over 11,000 in 2018.
The report predicts that children’s data and ad-tech issues are likely to become a significant focus of scrutiny in 2020, along with the criteria around individuals’ right to be forgotten.
Awareness of GDPR laws is clearly growing, as evidenced by the increased levels of complaints from European citizens. The UK Government published a helpful guide to GDPR compliance for those who have day-to-day responsibility for data protection. If your organisation is not already fully compliant with GDPR, you need to act quickly.