GDPR is a year old. How cute, I remember when we were all excited about it arriving, getting everything ready and all the fuss that was made. Now it’s had its first birthday and it is really starting to grow up.
Since its delivery, GDPR has quite rightly been all over the news. Big fines are starting to make big headlines. Google fro example, has been fined 50 million euro (£44m) by the French data regulator CNIL, for a breach of the EU’s data protection rules. CNIL said it had levied the record fine for “lack of transparency …
Most of the focus, however has been on business. It must do this. It must sort out its privacy policies, marketing preferences and cookies policies etc. to make sure that they are complaint with the law.
Yet the law wasn’t introduced to protect business but rather to protect the individual. Not enough coverage is given to the left hand side of the equation. GDPR is about the rights of individuals to privacy. It is about ensuring that there is a balance away from the abuses of the huge power that businesses can weald.
Research indicates that European citizens are generally happy with the General Data Protection Regulation while people in other parts of the world, including the United States have largely been left out of the regulatory extravaganza. EU citizens have lodged nearly 60,000 complaints, and the regulators in various countries have handed down some sizable fines and bigger fines are widely expected.
A survey by TrustArc found that 36% of British adults now have greater trust that their data will be managed appropriately. The TrustArc study also detected positive sentiment of GDPR enforcement activity, and found that nearly 60% of survey-takers are more likely to use websites that have a GDPR certification mark or seal.
GDPR is a good thing. It may be young and still yet to find its feet but it is here to stay. Over the coming years we will see many countries around the world emulating and building upon this legislation.