| 

GDPR Summary. How the World Changed after 3 Years of the GDPR

gdpr summary

GDPR Summary

In this article you will find a short GDPR summary and how the world has changed after 3 years of its existence.

Firstly, what is GDPR and what is GDPR meaning? (The General Data Protection Regulation) The GDPR is the European Union’s data privacy law. Its goal is to ensure that businesses and governments treat people’s data fairly and responsibly. It also informs people about where their data is going and why.

Furthermore, the GDPR  aims to make it easier for data to travel across borders in EU member states. Ensuring at the same time that the data of EU citizens remains protected under the same standards regardless of the country it is in.

The EU's Regulation is considered to be one of the strongest and most comprehensive attempts in the world to regulate the collection and use of personal data. It was adopted in 2016 and entered into force on 25th of May 2018.

The right to privacy and the protection of personal data are concepts that give you the opportunity to control the information collected about you.

What is personal data?

Personal data is any information that relates to an identified or identifiable individual. It can be a name or a number or other identifiers such as an IP address or a cookie identifier.

In general, if you can be identified as an individual directly from the processed information, then that information may be personal data.

The Principles of the GDPR

Briefly, the regulation it means the implementation of 7 principles:

  1. Lawfulness, fairness and transparency;
  2. Purpose limitation;
  3. Data minimization;
  4. Accuracy;
  5. Storage limitation;
  6. Integrity and confidentiality;
  7. Accountability.

Individual rights

In few words, the GDPR provides the following rights for you:

  1. Information;
  2. Access;
  3. Rectification;
  4. Erasure;
  5. Restrict processing;
  6. Data portability;
  7. Object.

What are controllers and processors?

The GDPR draws a distinction between a ‘controller’ and a ‘processor’  to recognise that not all organisations involved in the processing of personal data have the same degree of responsibility. The GDPR defines these terms:

controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

If you are a controller, you are responsible for complying with the GDPR. That means, you will have to demonstrate compliance with the GDPR principles.

Additionally, you are responsible to take appropriate technical and organisational measures to ensure your processing is carried out in line with the GDPR.

How the World Changed after 3 Years of  GDPR? A GDPR summary

Since its implementation, GDPR affected the activity of businesses and industries worldwide. It has taken data privacy and cybersecurity to the next level. However, you must pay constant attention to data security on a daily basis. Technology is evolving rapidly, and cyber threats require a good infrastructure and good data confidentiality support.

Companies have come a long way in the last three years. They expanded their legal teams and recruited data protection officers. One of the biggest challenges of the GDPR is that it requires a continuous and constant evaluation of the efforts made for data protection and cyber security. At any time, someone in an organisation can break the rules.

Data minimisation- a successful trend launched by GDPR

We live in an era of massive data collection. The COVID-19 pandemic has had a tremendous influence on the collection and processing of sensitive data. As a result, our lives have changed radically. Shifting our daily activities to the online environment has put the data protection laws to test. The EU and the whole world is now aware that personal data is extremely important and if illegally collected or processed, serious GDPR consequences will follow.

GDPR has launched a positive trend since its implementation, a ''revolution'' against the massive collection of data.

Companies that understand this regulation, use a simple data minimisation rule: if you don't need them, don't collect them.

Fines and penalties since May 2018

Since May 2018, the EU's regulators imposed approximately €272.5 million for GDPR infringements.

According to DLA Piper's report, Italy is the top country in ranking with fines that exceed €69.3 million since the application of the GDPR. Likewise, Germany comes next, with fines of €69.1 million, followed immediately by France with € 54.4 million.

Finally, in the last positions we see the United Kingdom and Spain with fines of €44.2 million and 14.4 million.

There have been more than 281,000 data breach notifications since May 2018, states DLA Piper.

Since January 2020, the daily rate of breach notifications recorded a growth of 331 notifications per day compared to 2020 with 278 of notifications per day.

The French data protection regulator sanctioned Google with the highest fine of €50 million. The giant company placed advertising cookies in the users’ computers without obtaining their consent.

Chair of DLA Piper's said: "Fines and breach notifications continue their double digit annual growth and European regulators have shown their willingness to use their enforcement powers. They have also adopted some extremely strict interpretations of GDPR setting the scene for heated legal battles in the years ahead. However we have also seen regulators show a degree of leniency this year in response to the ongoing pandemic with several high profile fines being reduced due to financial hardship. During the coming year we anticipate the first enforcement actions relating to GDPR's restrictions on transfers of personal data to the US and other "third countries" as the aftershocks from the ruling by Europe's highest court in the Schrems II case continue to be felt."

It's time to take employee training seriously

All consumers have become more aware of their data rights. A good way to make your staff understand the importance of complying with this regulation is to provide them a GDPR summary. Also, keep them up to date with all the new changes of this regulation.

At the same time, help them to connect with the fact that there is always a person behind the data. Ask your employees to think about each organization to which they have given their data. Data protection is about personal privacy.

An educated and properly trained workforce, means doing the right things with the collected data through your organization.

Start your team members training with our Sovy Academy services and ensure your business compliance.    

Source: https://www.dlapiper.com/en/us/insights/publications/2021/01/dla-piper-gdpr-fines-and-data-breach-survey-2021/?fbclid=IwAR2oogHjokHeeS27osQrE0YsxhZ3DYBiDyFIVIkoNS4I-qV7BMLzgVVGXKU https://gdpr-info.eu/art-5-gdpr/

Last updated: May 30, 2021

Article by Camelia Nastasi