Just a little under two months ago the General Data Protection Regulation (GDPR) act came into affect across Europe. Bringing with it substantial changes in how both organisations and individuals control and manage personal data.
With two years given to prepare for the GDPR some companies were prepared and ready. However, for the majority of companies it was a last minute scramble to get the house in order and implement new processes and measures. So as not to face the wrath of the Data Protection Commission Ireland’s (DCPI) fines which can amount up to 4% of annual turnover OR €20m fine for an organisation.
A Rise in Complaints:
The latest report last week stated that the DPC had received more than 1,300 “concerns or complaints” in regards to the GDPR. With businesses logging 60 breaches of people’s personal data with the watchdog so far.
In the first 5 days of the new act, the Data Protection Commission received around 700 phone calls and over 650 emails to its information service.
Ten cases so far from national and international organisations fall under the GDPR act and are being investigated by the DPC.
Multi-national Companies Under Scrutiny:
Max Schrems – an Austrian privacy campaigner has already filed four complaints against Facebook, Instagram, Whatsapp and Google. In the complaints he claims that their take-it or leave-it approach to consent is not clear in regards to what they are collecting, why and whether it is necessary to provide the service.
Have there been any fines yet?
There have been no fines delivered as of yet under the GDPR act. Since May 25th, companies like Yahoo and Facebook have received warnings or fines but under the old legislation as the data breaches happened before the GDPR act was implemented. The ten complaints currently being investigated may see fines appear though depending on the breach of data or complaint.
So, is GDPR over?
Absolutely not. While we may not have seen any fines yet, the GDPR is mostly definitely here to stay. Companies who have started implementing GDPR processes are in a good place but data privacy is an ongoing process that needs to be reviewed and centralised as part of each and every business. At Typetec, our GDPR solution encompasses not only the procedures and policies involved in GDPR compliance but the ongoing management and reporting required from an organisation.
To find out more or get help with your GDPR compliance contact us now.
Only getting started? Read our checklist for GDPR compliance.