
Data Privacy Blog

May 30, 2021  |  By Camelia Nastasi

GDPR Summary. How the World Changed after 3 Years of the GDPR


GDPR Summary

In this article you will find a short GDPR summary and how the world has changed after 3 years of its existence.

First, what is the GDPR and what does it mean? The General Data Protection Regulation (GDPR) is the European Union’s data privacy law. Its goal is to ensure that businesses and governments treat people’s data fairly and responsibly. It also informs people about where their data is going and why.

Furthermore, the GDPR aims to make it easier for data to travel across borders in EU member states, while ensuring that the data of EU citizens remains protected under the same standards regardless of the country it is in.

The EU's Regulation is considered to be one of the strongest and most comprehensive attempts in the world to regulate the collection and use of personal data. It was adopted in 2016 and entered into force on 25th of May 2018.

The right to privacy and the protection of personal data are concepts that give you the opportunity to control the information collected about you.

What is personal data?

Personal data is any information that relates to an identified or identifiable individual. It can be a name or a number or other identifiers such as an IP address or a cookie identifier.

In general, if you can be identified as an individual directly from the processed information, then that information may be personal data.

The Principles of the GDPR

Briefly, the regulation means implementing 7 principles:

  1. Lawfulness, fairness and transparency;
  2. Purpose limitation;
  3. Data minimization;
  4. Accuracy;
  5. Storage limitation;
  6. Integrity and confidentiality;
  7. Accountability.

Individual rights

In a few words, the GDPR gives you the following rights:

  1. Information;
  2. Access;
  3. Rectification;
  4. Erasure;
  5. Restrict processing;
  6. Data portability;
  7. Object.

What are controllers and processors?

The GDPR draws a distinction between a ‘controller’ and a ‘processor’ to recognise that not all organisations involved in the processing of personal data have the same degree of responsibility. The GDPR defines these terms:

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

If you are a controller, you are responsible for complying with the GDPR. That means you will have to demonstrate compliance with the GDPR principles.

Additionally, you are responsible for taking appropriate technical and organisational measures to ensure your processing is carried out in line with the GDPR.

How the World Changed after 3 Years of GDPR? A GDPR summary

Since its implementation, the GDPR has affected the activity of businesses and industries worldwide. It has taken data privacy and cybersecurity to the next level. However, you must pay constant attention to data security on a daily basis. Technology is evolving rapidly, and cyber threats require a good infrastructure and good data confidentiality support.

Companies have come a long way in the last three years. They expanded their legal teams and recruited data protection officers. One of the biggest challenges of the GDPR is that it requires a continuous and constant evaluation of the efforts made for data protection and cyber security. At any time, someone in an organisation can break the rules.

Data minimisation: a successful trend launched by GDPR

We live in an era of massive data collection. The COVID-19 pandemic has had a tremendous influence on the collection and processing of sensitive data. As a result, our lives have changed radically. Shifting our daily activities to the online environment has put data protection laws to the test. The EU and the whole world are now aware that personal data is extremely important and that, if it is illegally collected or processed, serious GDPR consequences will follow.

The GDPR has launched a positive trend since its implementation, a "revolution" against the massive collection of data.

Companies that understand this regulation use a simple data minimisation rule: if you don't need the data, don't collect it.

Fines and penalties since May 2018

Since May 2018, the EU's regulators have imposed approximately €272.5 million in fines for GDPR infringements.

According to DLA Piper's report, Italy tops the ranking, with fines that exceed €69.3 million since the application of the GDPR. Germany comes next, with fines of €69.1 million, followed immediately by France with €54.4 million.

Finally, in the last positions we see the United Kingdom and Spain, with fines of €44.2 million and €14.4 million respectively.

There have been more than 281,000 data breach notifications since May 2018, states DLA Piper.

Since January 2020, the daily rate of breach notifications has grown to 331 notifications per day, compared to 2020 with 278 notifications per day.

The French data protection regulator sanctioned Google with the highest fine, €50 million. The company placed advertising cookies on users’ computers without obtaining their consent.

Chair of DLA Piper's said: "Fines and breach notifications continue their double digit annual growth and European regulators have shown their willingness to use their enforcement powers. They have also adopted some extremely strict interpretations of GDPR setting the scene for heated legal battles in the years ahead. However we have also seen regulators show a degree of leniency this year in response to the ongoing pandemic with several high profile fines being reduced due to financial hardship. During the coming year we anticipate the first enforcement actions relating to GDPR's restrictions on transfers of personal data to the US and other "third countries" as the aftershocks from the ruling by Europe's highest court in the Schrems II case continue to be felt."

It's time to take employee training seriously

All consumers have become more aware of their data rights. A good way to make your staff understand the importance of complying with this regulation is to provide them with a GDPR summary. Also, keep them up to date with all the new changes to this regulation.

At the same time, help them to connect with the fact that there is always a person behind the data. Ask your employees to think about each organization to which they have given their data. Data protection is about personal privacy.

An educated and properly trained workforce means doing the right things with the data collected through your organization.

Start your team members' training with our Sovy Academy services and ensure your business's compliance.

Sources:

  • https://www.dlapiper.com/en/us/insights/publications/2021/01/dla-piper-gdpr-fines-and-data-breach-survey-2021/?fbclid=IwAR2oogHjokHeeS27osQrE0YsxhZ3DYBiDyFIVIkoNS4I-qV7BMLzgVVGXKU
  • https://gdpr-info.eu/art-5-gdpr/

Last updated: May 30, 2021
