How Well Are We Adjusting to GDPR?

Enough time has passed since the General Data Protection Regulation (GDPR) came into effect for data subjects (the people whose personal data is being collected, held or processed) to exercise their rights and clear their inboxes of privacy-update emails. For Data Protection Authorities (DPAs), the past few months have yielded a list of companies suspected of not meeting GDPR-mandated requirements, primarily due to data-subject complaints, data-breach violations by the data controller and data-breach violations by subprocessors. Global companies fear being placed on the investigation list because of the potential to incur very strict fines and the risk of a negative impact on the company’s reputation.

The data-subject rights mandated by GDPR expose how well companies are able to erase, amend and summarize specified personal information while also providing services tailored to data subjects who do not give their consent. If a data subject decides to exercise his or her rights and the company cannot meet the GDPR requirements, the company is in violation and may be placed under investigation.

Besides failing to fulfill data-subject rights requests, companies face the threat of DPA investigation when the data controller fails to notify the correct supervisory authority, or the data processor fails to notify the respective data controller, within 72 hours of validating a data breach. This issue is more widespread than one might imagine: over 1,100 failure-to-notify alerts and data-subject complaints were reported to the U.K. Information Commissioner’s Office during just the first few weeks GDPR was in effect.

The EU member-state report noted that Ireland received the highest number of criticisms, with 547 data breaches and 386 complaints. Sweden, by contrast, received only two complaints. (The discrepancy in the number of reported complaints each EU state receives depends on factors such as citizen awareness and perception, resource availability, and even method of complaint.)

In addition to giving data subjects the right to file a complaint with a DPA, GDPR offers a private right of action, which includes bringing class-action lawsuits against corporations, a method of exercising rights that was not previously available. Allowing data subjects to bypass the DPA and bring a group lawsuit significantly increases the impact of one complaint and creates power in numbers.

As time passes and the novelty of the regulation subsides, global companies will be able to further gauge the necessity of making preparations and taking precautions, recognize the primary violation channels, and realize what it will take to meet GDPR requirements going forward.

Tap into Protiviti’s GDPR resources and bookmark the page for future updates.

Katie Stevens

Director
Security and Privacy

Teri Dye

Senior Consultant
Technology Consulting
