As the first birthday of the General Data Protection Regulation (GDPR) approaches, many are questioning what impact the recent data law has had on countries, businesses, and individuals in the first year of operation.
The General Data Protection Regulation came into effect on 25th May 2018, with the purpose of preventing the misuse of customer data. It is intended to give individuals greater access to – and control over – the kind of information organisations and businesses hold about them, and it includes the ‘right to be forgotten’.
Part of the controversy surrounding the act extends to its reach, and the heavy fines facing those who fail to comply. GDPR applies to any personal data collected from the EU territories; to both those inside the EU looking out, and those outside the EU looking in. As a result, several websites from non-EU countries were initially blocked to those attempting to access content from within EU jurisdiction.
On the anniversary of the Act coming into effect, there are still multiple websites – Chicago Tribune, New York Daily News, for example – inaccessible from European locations. And whilst some electronic publications have adapted to the data requirements fully, others now offer a ‘European Edition’, which typically offers a reduced user experience. Will such a law ever find a US or global counterpart?
Meanwhile, some have fallen foul of the heavy fines promised for breaching the requirements – Google was recently fined for effectively ‘forcing consent’. The reported fines can total up to €20,000,000, or 4% of a company’s annual turnover. An early figure from 8 months into the first year of regulation reported over 95,000 complaints – mostly pertaining to telemarketing, promotional emails, and CCTV/surveillance – along with 41,000 data breach notifications by companies (though some place this figure closer to 60,000, with 10,000 occurring in the UK), and over 90 fines issued for offences big and small.
In order to comply appropriately, organisations have 30 days to provide all the personal data they have collected from you. It should be provided in a ‘concise, transparent, intelligible and easily accessible form, using clear and plain language’, delivered in a commonly used electronic format. Many who have requested and received their data have found that the definition of ‘commonly used’ varies wildly, as does the clarity of the information.
Sharing the data is one thing, though unfortunately the sometimes muddled presentation of your data can create additional confusion for those unfamiliar with just what exactly it all means. This can cause problems for those hoping to make an informed decision regarding their data privacy. It has been suggested by some that, in order for GDPR to truly achieve its purpose, our data needs to be organised in such a way that allows sufficient interpretation by the layman.
Naturally, organisations from businesses to political parties have been seeking loopholes in the GDPR ruling. For example, several EU countries allow parties to collect personal data relating to political opinions without express consent of the individual. The exact interpretation of the data differs between countries, and the relevant data protection agencies have suggested loopholes such as this allow for greater data exploitation, rather than protection.
Furthermore, the regulation includes the broad and flexibly termed ‘legitimate interest’, which allows data to be collected without consent if doing so is in the legitimate interests pursued by the controller or a third party. Exactly what constitutes a ‘legitimate interest’ remains to be adequately defined, allowing for a variety of interpretations.
Amidst these teething problems, it is uncertain if the GDPR will grow into its intended role. However, if you would like to play a part in shaping its development, why not consider studying MSc IT Security Management, or MSc Data Analytics and IT Security Management?
MSc IT Security Management
With internet security becoming an increasing priority across most business sectors, graduates with skills in IT security management are in high demand around the world.