How Well Are We Adjusting to GDPR?

Enough time has passed since the General Data Protection Regulation (GDPR) came into effect for data subjects (the people whose personal data is being collected, held or processed) to exercise their rights and clear their inboxes of privacy-update emails. For Data Protection Authorities (DPAs), the past few months have yielded a list of companies suspected of not meeting GDPR-mandated requirements, primarily due to data-subject complaints, data-breach violations by the data controller and data-breach violations by subprocessors. Global companies fear being placed on the investigation list because of the potential for very strict fines and the risk of a negative impact on the company’s reputation.

The data-subject rights mandated by GDPR expose how well companies are able to erase, amend and summarize specified personal information while also providing services tailored to data subjects who do not give their consent. If a data subject decides to exercise his or her rights and the company cannot meet the GDPR requirements, the company is in violation and may be placed under investigation.

Besides the failure to fulfill requests for data-subject rights, companies face the threat of DPA investigation when the data controller fails to notify the correct supervisory authority, or the data processor fails to notify the respective data controller, within 72 hours of validating a data breach. This issue is more widespread than one might imagine, as over 1,100 failure-to-notify alerts and data-subject complaints were reported to the U.K. Information Commissioner’s Office during just the first few weeks GDPR was in effect.

The EU member-state report noted that Ireland received the highest number of criticisms, with 547 data breaches and 386 complaints. Sweden, by contrast, received only two complaints. (The discrepancy in the number of reported complaints each EU state receives depends on factors such as citizen awareness and perception, resource availability, and even the method of complaint.)

In addition to providing data subjects the right to file a complaint with a DPA, GDPR offers a private right of action, which includes bringing class-action lawsuits against corporations, a method of exercising rights that was not previously available. Allowing data subjects to bypass the DPA and bring a group lawsuit significantly increases the impact of one complaint and creates power in numbers.

As time passes and the novelty of the regulation subsides, global companies will be able to further gauge the necessity of making preparations and taking precautions, recognize the primary violation channels, and realize what it will take to meet GDPR requirements going forward.

Tap into Protiviti’s GDPR resources and bookmark the page for future updates.

Katie Stevens

Director
Security and Privacy

Teri Dye

Senior Consultant
Technology Consulting
