#GDPR – the story so far and 5 fast website fixes

by | e-Commerce News, Maratopia News

If data protection doesn’t float your personal or professional boat, May 25th, 2018 probably passed unnoticed.

But if you’re concerned with compliance, you’ll probably remember it as the date when GDPR (General Data Protection Regulation) aligned and updated data rules across Europe for the digital age.

A year on, if you’re not sure how this legislation has changed the way we do business, want to know how it’s been enforced and would like five compliance fixes for your website, pop the kettle on and peruse this blog.

GDPR – the story so far

We won’t rehearse the intricacies of GDPR here — but if you need a refresher on its purpose and provisions, revisit this awesome archive blog.

What’s more relevant at this point is reviewing the ways it’s changed the business landscape, considering some stats on enforcement and working out which areas of compliance are proving problematic. Here are some broad developments:

  • A February 2019 EDPB (European Data Protection Board) report revealed that relevant agencies across Europe have issued a total of 56 million Euros in fines from over 200,000 GDPR cases reported since its introduction, with around 52% of cases closed so far.
  • 95,000 of these were complaints, while 65,000 were triggered by data breach reports by data controllers. 56 million is not to be sniffed at, but it’s worth bearing in mind that a whopping 55 million Euros of this grand total is accounted for by French compliance watchdog CNIL’s Google fine for the web giant’s lack of transparency and lack of valid consent relating to using data for personalising ads.

GDPR enforcement themes

A deeper dig into GDPR enforcement reveals a few emerging themes and, although taking a full legislative temperature check is tricky after only 12 months, there’s enough evidence to suggest that this rule is no paper tiger – it’s got teeth and regulators aren’t afraid to clamp down on companies with poor practice.

Law firm DLA Piper’s data breach survey report reveals that GDPR’s mandatory requirement to report breaches to regulators within 72 hours resulted in 59,000 such notifications across Europe in the 8 months from the introduction of the legislation to the end of January 2019. 10,600 of these were made by Britain, making it the third-biggest contributor after The Netherlands and Germany – and suggesting that the maximum fine of up to 20 million Euros or 4% of annual turnover is making people sit up and take notice of their responsibilities.

So far, the surge in reported data protection breaches is a notable trend, but other significant themes include transparency, consent and Data Subject Access Requests (DSARs):

  • In September 2018, internet browser Brave launched a GDPR complaint with regulators in Ireland and the UK asking for an investigation across the EU into the behavioural advertising industry – specifically the alleged lack of transparency operators like Google and other ad tech firms provide to web users when collecting their data in order to build profiles and subsequently serve them with ads.
  • Privacy International filed two GDPR complaints with authorities in the UK, France and Ireland against two credit reference agencies, two data brokers and three ad tech firms, alleging that they didn’t have a valid legal basis for processing data and had not provided the requisite level of transparency.
  • The expected rise in DSAR requests has also manifested itself. Taking the medical industry alone as a prime example, December 2018 BMA stats revealed that patient data requests to GPs increased by a third since the legislation’s introduction.

Two potential attendant offshoots from these trends are noteworthy:

  • Legal commentators are already warning that growing awareness of the legislation among the general public and solicitors could result in an increase in class action-style lawsuits.
  • HR departments should ensure that their data protection and retention systems are robust enough to cope with the significant admin burden associated with responding to a DSAR request.

GDPR fines

The 50 million Euros CNIL/Google fine eclipses all others, but the German data protection authority levied an 80,000 Euro fine in January 2019 for publishing sensitive health data on the internet and the same regulator had previously fined a company 20,000 Euros for failing to encrypt employee passwords.

Other cases across Europe are still under investigation and, while it’s likely that the vast majority of these won’t result in the imposition of financial penalties, regulators haven’t been slow to embrace the opportunity to exercise the full extent of their powers when deemed necessary.

General GDPR compliance

General steps to GDPR compliance remain the same as ever and include:

  • Checking your data protection policies and procedures are GDPR-compliant and ensuring all members of staff are aware of their responsibilities and receive appropriate training.
  • Ensuring contractual relationships with customers and suppliers comply with GDPR, especially if they involve transfer of electronic data outside the EU.
  • Knowing when it’s necessary to conduct a data protection impact assessment so that your regime aligns with the spirit of GDPR’s privacy by design.
  • Making sure all staff know what to do to prevent data protection breaches and the appropriate action to take when a breach is identified.

Author: Stephen Harvey-Franklin
