As the international day of data protection approaches, we thought it appropriate to make a small balance of how the first days of the new European data protection regulation have passed: the GDPR.
This new regulation took many companies by surprise, even though it was announced well in advance. It is clear, thanks to the large number of emails we have received requesting our consent during the first hours of its implementation. After 8 months, it is possible to make an analysis of its impact and its implications for companies and their clients.
All this avalanche has served us, the users, to become aware of all the companies that in some way had our personal data. The statistics indicate that between 80% and 90% of the brands access our personal information. Thanks to the messages received, we have been able to make more conscious decisions about who and what for we give our data. In fact, the companies have reduced their contact databases by more than 50% in these months.
GDPR application: from what is said to …
All regulators data protection have been cautious to open disciplinary proceedings so far. However, this year, 2019, strongly begins with 50 million euro data consent fine imposed on Google.
Recapitulating a little bit …
The fines, for the breach of the GDPR, began to be applied since the last quarter of the year and the proceeds amounted to over 424,000 euros in 2018.
The 1st Fine:
Applied in October 2018, to an Austrian betting house for a value of 4,800 euros for having a security camera recording part of the sidewalk while the large-scale surveillance of public spaces is prohibited by the GDPR.
Other cases 2018:
- A Portuguese hospital must pay a penalty of 400,000 euros for unauthorized access to the records of their patients. Doctors of the hospital had 985 active accounts in the system that gave them access to the medical records while the center had only 296 active physicians on the date of the inspection.
- Knuddels.de, German social network received a fine of 20,000 euros for suffering a hack that caused the leak of around 808,000 email addresses and over 1.8 million usernames and passwords.
2019 strongly begins:
As many predicted 2019 begins with a strong sanction for breach of the precepts of the GDPR. The French data protection agency (CNIL) has decided to impose Google with a fine of more than 50 million euros. This is the most severe penalty imposed so far, due to the violation of the regulations in terms of privacy, in terms of advertising and transparency requirements on their Android devices.
To date, Google has been fined for: “lack of transparency, inadequate information and lack of valid consent with respect to the personalization of the ads,” specified the CNIL.
Following the announcement, a Google spokesperson said: “We are studying the decision to determine our next steps, people expect high standards of transparency and control from us. We´re deeply committed to meeting those expectations and the consent requirements of the GDPR.”
The balance of the first 8 months: two sides of the same coin
These months have served to analyze the impact of the regulations and their effectiveness. However, among experts in the field, we found very different opinions at the time of doing an evaluation of the results of the application of the regulation.
There are the skeptics, who see many dangers of this regulatory change. For this group, many companies have been unable to meet the requirements raised by the GDPR and others have been forced to invest large sums in audits and operational redesign. Under their prism, the result of these efforts, for consumers, is only a bombardment of emails asking for their consent.
Ramy Houssaini, Vice President of Security in Europe of BT, warns that the GDPR could become a breeding ground for new types of cyber attacks. Steve Grobman, McAfee’s global CTO, confirmed the above-mentioned: “As long as there are strict regulations, there can be the problem of forcing companies to put the energy they would have devoted to protecting themselves against critical threats for tasks such as regulatory compliance. It will invest so much money in avoiding a GDPR fine that companies will not have enough resources left to face day-to-day attacks.”
On the other side of the coin, there are those who value positively the entry into force of the regulation and its implications.
In the companies that manage databases of prospects and clients, they believe the process of filtering the records has been positive. Now they know, the contacts they control really want to receive their communications.
In the end, they believe that the effort that has been made and continues to be made to adapt to the changes worths it, in order to achieve medium-term results. Data is a new treasure, and the trust of the users is the best way to get it.
We are from one or another stream but the reality is that this regulation is here to stay and there are many countries are taking legislation seriously to protect the privacy of its citizens, in the face of technological changes and the avalanche of Big Data. What is your opinion?