By accepting you will be accessing a service provided by a third-party external to

How the EU’s General Data Protection Regulation is Working After the First Year

How the EU’s General Data Protection Regulation is Working After the First Year

After years of talk about individual data privacy, and years enacting regional laws, the European Union’s flagship individual privacy law, the General Data Protection Regulation went into effect a year ago in May. Suddenly, if your organization does business inside EU member states, you will be under a stringent regulation concerning individual data privacy. Today, we will look at the GDPR and what has changed in the year it has been law.


Prior to the ratification of the GDPR, individual data privacy was the responsibility of the individual. Outside of the EU, it largely still is, but when the GDPR went into effect it opened people’s eyes to just how many of the corporations they come into contact with were misusing their personal data. The GDPR, which grew from individual privacy laws enacted by individual EU states, provides individuals with recourse if they do not approve of the way their data is being used by corporations. Information such as names, physical addresses, phone numbers, email addresses, and medical and financial information were being shared by technology companies. Somewhere in the lengthy terms of service agreement, companies would have language that allowed them to package individual data and effectively use it as an alternative revenue stream. Consumers in the know don’t see this as fair. 

This level of data privacy has been roundly rejected in the United States up until recently, and those who do want to see a GDPR-like law on the books in the U.S. may not want to hold their breath. Before the GDPR was in the news, not many organizations were thinking about how data breaches could negatively affect anyone but themselves. This has led to a wholesale change in the way businesses view data management, the training of their staff, and security investments as a whole. 

After One Year

In the first eight months, over 59,000 personal data breaches have been reported to GDPR regulators. This may be less than you may have liked to see, but it is twice as many as there were in 2017; and, of course, 59,000+ more than anyone wants. The fines levied by GDPR regulators are hefty (up to €20 million, or up to 4 percent of total revenue from the previous year, whichever is larger), so you are seeing an increase aligned and strategic approach to keeping data secure; and, reporting any data breaches that do happen quickly. If you would like to see how the GDPR has fared in its first eight months, download the DLA Piper GDPR data breach survey, here.

The results of the GDPR don’t speak to its effectiveness thus far, but in future reports it will become evident that the law is working to keep individual data secure; or, at the very least, keeping companies honest. Under the GDPR, companies that sustain data breaches have 72 hours to notify the people whose information has been exposed. This strict deadline eliminates the possibilities that companies can manipulate public perception about how they are faring with data security, as you’ve seen numerous times over the past two decades. 

Unfortunately, the huge teeth that the GDPR was built with haven’t been used to bite non-compliant companies thus far. Fines that add up to €55,955,871 have been levied against the companies responsible for the 59,000 and change reported data breaches, an admittedly modest amount when you consider that around 90 percent of that sum was the fine levied against a single company, U.S.-based tech giant Google.. 

According to a French GDPR regulator, this small amount should be considered the result of it being a transition year than some type of long-term ineffectiveness of the law. It remains to be seen just how effective the law can be if regulators aren’t actively enforcing it in a manner that affects the business operations of those at fault. 

The Wider View

Over the past year since GDPR has went into effect, a lot has happened in the U.S. on the individual data privacy front. Not only has the GDPR lit fire under the seats of lawmakers, it has major tech firm CEOs, such as Apple’s Tim Cook, calling individual data privacy a “fundamental human right”. 

While Mr. Cook seems to be in the minority of American tech company leaders (as can be seen by the €50 million GDPR Google fine), it is a step in the right direction. One place where data privacy was a priority is in the state of California. Not long after the GDPR went into effect, the Golden State passed its own sweeping (and rather hastily designed) data privacy law, the California Consumer Privacy Act. The CCP is designed to protect the residents of California from corporate overreach. Colorado, Massachusetts, and Ohio lawmakers followed suit with their own privacy laws shortly after California’s CPA was ratified. 

This is good news for individual data privacy in the U.S. It’s a far cry from only a few short years ago where some of the most reputable companies in the world could regularly lose a person’s sensitive data with no pushback. These situations resulted in some pretty damning situations for online consumers. Federal lawmakers have balked at making waves of their own in regard to data privacy, but if history is any indication, when states begin passing laws that are outside the norm, the U.S. Congress typically acts to fill the breach.

If you would like more information about the GDPR, subscribe to our blog, or call one of our knowledgeable IT professionals at 978-482-2020.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Wednesday, June 03 2020

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Productivity Business Computing Privacy User Tips Cloud Network Security Email Hosted Solutions Microsoft Hackers Computer Software Business Efficiency Malware Communication Data Google Small Business Workplace Tips IT Services IT Support Mobile Devices Tech Term Hardware Cloud Computing Managed IT Services Internet Data Recovery Backup Ransomware Innovation Users Smartphone Outsourced IT Android Saving Money Windows Upgrade Smartphones Mobile Device Miscellaneous Data Backup communications Server Facebook Phishing Microsoft Office Business Management Browser Business Continuity Windows 10 Disaster Recovery VoIP Information Office 365 Managed IT Services Network Social Media Productivity Cybersecurity Windows 10 Passwords Data Management Internet of Things Gadgets Vulnerability Remote Monitoring Gmail App Word Artificial Intelligence Infrastructure Quick Tips Mobile Office Encryption Managed Service Apps Chrome Managed Service Provider Networking Access Control VPN BYOD Applications Router Money IT Support Website Company Culture Information Technology Save Money Tip of the week Employer-Employee Relationship Remote Workers Virtual Reality Settings Analytics Paperless Office Storage Government HIPAA BDR Computers IT Management Data Security Hacker Data storage YouTube Unified Threat Management Risk Management Virtual Private Network Display Office Tips Maintenance Collaboration Firewall WiFi Employee-Employer Relationship Robot Google Drive Content Filtering Big Data Bandwidth Automation Avoiding Downtime Antivirus Development Apple Education Software as a Service Break Fix Social Network Search SaaS Printing Wi-Fi Password Mobile Security Holiday Virtualization Data loss Business Technology Retail Alert Server Management Telephone Systems desktop Touchscreen Business Intelligence iOS Spam Computing Outlook Managed IT Bring Your Own Device Operating System Tablet LiFi Vendor Management Social Conferencing Monitors Hosted Solution Laptop Document Management Humor Managed Services Chromebook The Internet of Things Augmented Reality Best Practice MSP Administration Solid State Drive Mouse Two-factor Authentication Managing Stress Wireless OneNote End of Support Managed IT Service Data Breach Customer Relationship Management Scam Training Downtime Going Green IT Hard Disk Drive Marketing Windows 7 Remote Computing Cost Management Dell Google Wallet Onboarding GDPR Time Management Printer Identity Continuity Bitcoin Managed Services Provider Network Congestion Fraud Slack Hard Disk Drives COVID-19 Smart Office WannaCry Business Growth Print Toner Myths Black Friday Screen Reader Charging Cabling Writing Holidays Licensing Dongle Legal Content Huawei Servers Google Calendar Wires Google Maps Messaging Emergency Assessment Unified Communications Drones Digital Signage Data Warehouse Network Management Halloween Solar Windows 8 Entertainment Vendor Dark Web Distribution Monitoring Solid State Drives Remote Work Work Shortcuts Mobile Management Dark Data Cyber Monday Update Smart Tech Payment Card Cooperation Service Level Agreement Deep Learning Streaming Processor Legislation Voice over Internet Protocol Mobile Device Management Employee-Employer Relationships Hotspot Internet Exlporer Troubleshooting Business Analysis SharePoint Politics Scary Stories Compliance Digital Payment Hybrid Cloud Microsoft Excel Logistics Spying National Security Techology Work/Life Balance Running Cable IT Technicians Optimization Digital Alt Codes Security Cameras Profiles Customer Service Smart Technology Connectivity Disaster How To Lenovo Office Samsung Inventory Staff Leominster Human Error Memory Statistics Health Private Cloud Buisness Modem FinTech Analysis Students Asset Management Virtual Desktop Language Value Budget Virus Downloads Tech Support Sports Regulations Scalability Mail Merge Blockchain Updates VoIP Unified Threat Management Peripheral Mirgation Recycling Spyware Typing Utility Computing Shortcut Distributed Denial of Service IoT Uninterrupted Power Supply Mixed Reality Firefox Superfish Social Engineering Shadow IT K-12 Schools Computer Care IBM Device Reducing Cost Bluetooth Comparison Cookies File Sharing Current Events Memes Computing Infrastructure Professional Services LED Threats Websites Social Networking Migration Consulting Address Permissions PowerPoint User Error Chatbots eWaste Identity Theft Cryptocurrency Laptops Patch Management Star Wars Safety Gamification Cybercrime Wearable Technology Network upgrade Corporate Profile Google Docs Mobility Batteries Specifications Nanotechnology IT solutions Alerts USB G Suite Co-Managed IT Heating/Cooling Multi-Factor Security Motherboard Automobile Cables Hacks 3D Printing Supercomputer CrashOverride Cortana Staffing Motion Sickness Processors Taxes Machine Learning Administrator Web Server what was your? Unsupported Software IT Budget GPS Regulation IT Consultant Computer Repair Relocation Cameras Mobile Data How To Tracking Recovery Meetings Cleaning Mobile Computing CCTV Printers Black Market Law Enforcement Webcam Notifications Electronic Medical Records Physical Security Error Twitter Ben McDonald shares Upgrades Gadget Emoji Point of Sale Crowdsourcing Travel Financial Personal Information Botnet

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3