In May 2018, the EU’s General Data Protection Regulation went into effect, causing organisations across the world and across industries to seriously consider their existing data protection policies. GDPR is one of the world’s most stringent data regulations, threatening severe fines of up to 4% of annual global turnover or €20 million, whichever amount is greater.
Two years on, the cyber security and data protection landscape has continued to change, and GDPR investigations and fines have made the headlines several times. Large data breaches, such as the Equifax or Carphone Warehouse hacks, resulted in punishment from the Information Commissioner’s Office (ICO). As attempted hacks continue, more fines are expected to be handed out over the course of 2020.
Furthermore, political changes like Brexit may have an impact on GDPR as we know it. Though GDPR is enshrined in UK law, any updates to GDPR by the EU or changes made by the UK Government could change the requirements, protections and consequences. In response to this, Google has recently announced their intention to move the data and accounts of British users to the US, potentially weakening the protections the EU offers.
However, GDPR itself set off a wave of similar privacy laws being enacted around the world, including the California Consumer Privacy Act, which went into effect at the beginning of the year. It seems that GDPR marked a serious reconsideration of the dangers of digitalisation and interconnection that will continue as technology further evolves.
Compliance is still a serious issue, whether you need to fulfil the requirements of GDPR or another regulation specific to your industry. Tools like CyDesk can help you maintain your compliance as regulations change or new requirements are introduced. Whether a regulation is coming into effect or is ten years old, make sure you and your organisation are on top of it!