by Dr. Sanjana Mehta, Head of Market Research Strategy - EMEA
May 25 marks the first anniversary of the European Union’s General Data Protection Regulation (GDPR) taking effect. After a two-year transition period, the regulation began to apply a year ago tomorrow, harmonizing data security, data protection, data retention and data usage law across the EU member states. It also has significant ramifications for companies outside the EU that process personal data relating to individuals in the EU. Failure to comply with the GDPR can and will result in fines and other legal sanctions.
The GDPR has already had significant financial and reputational implications for organizations found to be in breach of the legislation. There has been a sharp increase in the number of disclosed breaches as organizations embrace transparency in order to meet the 72-hour notification requirement. Doing so has, in many cases, helped organizations avoid financial penalties, although nearly 100 fines have been issued to date.
Data from law firm DLA Piper revealed that the UK reported the third highest number of breaches following the implementation of the GDPR, trailing only the Netherlands (15,400) and Germany (12,600). The number of reported breaches is significant in itself, and more compelling still when you consider the sanctions that compromised businesses could face if they are found to have been in breach of the legislation.
The maximum fine for a data breach or data privacy compliance failure has increased from £500,000 (in the UK) to €20 million or four percent of global annual turnover, whichever is higher. While the EU and its member states have yet to fully exercise the maximum penalties, we have seen Google fined €50 million by the French data protection watchdog for GDPR vi ..