How Well Are We Adjusting to GDPR?

Enough time has passed since the General Data Protection Regulation (GDPR) came into effect for data subjects, the people whose personal data is being collected, held or processed, to exercise their rights and clear their inboxes of privacy-update emails. For Data Protection Authorities (DPAs), the past few months have yielded a list of companies suspected of not meeting GDPR-mandated requirements, primarily due to data-subject complaints, data-breach violations by the data controller and data-breach violations by subprocessors. Global companies fear being placed on the investigation list because of the potential for very strict fines and the risk of damage to the company’s reputation.

The data-subject rights mandated by GDPR expose how well companies are able to eradicate, amend and summarize specified personal information while also providing services tailored to data subjects who do not give their consent. If a data subject decides to exercise his or her rights and the company cannot meet the GDPR requirements, the company is in violation and may be placed under investigation.

Besides the failure to fulfill requests for data-subject rights, companies face the threat of DPA investigation when the data controller fails to notify the correct supervisory authority, or the data processor fails to notify the respective data controller, within 72 hours of validating a data breach. This issue is more widespread than one might imagine: over 1,100 failure-to-notify alerts and data-subject complaints were reported to the U.K. Information Commissioner’s Office during just the first few weeks GDPR was in effect.

The EU member-state report noted that Ireland received the highest number of criticisms, with 547 data breaches and 386 complaints. Sweden, by contrast, received only two complaints. (The discrepancy in the number of reported complaints each EU state receives depends on factors such as citizen awareness and perception, resource availability, and even the method of complaint.)

In addition to giving data subjects the right to file a complaint with a DPA, GDPR offers a private right of action, which includes bringing class-action lawsuits against corporations, a method of exercising rights that was not previously available. Allowing data subjects to bypass the DPA and bring a group lawsuit significantly increases the impact of one complaint and creates power in numbers.

As time passes and the novelty of the regulation subsides, global companies will be able to further gauge the necessity of making preparations and taking precautions, recognize the primary violation channels, and realize what it will take to meet GDPR requirements going forward.

Tap into Protiviti’s GDPR resources and bookmark the page for future updates.

Katie Stevens

Director
Technology Consulting – Security and Privacy

Teri Dye

Senior Consultant
Technology Consulting
