GDPR – Lessons learned at the one-year anniversary

Enforcement of the General Data Protection Regulation (GDPR) went into effect May 25, 2018. During this period European data protection authorities confirm that almost 90,000 separate data breach notifications have been received.

Note, that’s just the notifications received from organisations attempting to comply with the GDPR. They report that during the same year almost 145,000 complaints and inquiries have been reported by concerned citizens.

Several third-party investigations suggest that at least 100 organizations have paid fines for failing to fully comply with the regulation.

Lesson 1: It does not matter whether violations of the provisions of the GDPR are unintentional mistakes stemming from neglect, laziness, sloppiness, or ignorance. A violation for any reason is punishable and businesses had better take compliance with the GDPR seriously.

Lesson 2: Willful, deliberate, and blatant violations of the GDPR will receive the harshest of fines from European data protection authorities. Businesses who attempt to test the regulatory authorities will pay dearly for their arrogance.

Lesson 3: The provisions of the GDPR, particularly amongst citizens of the EU, are well-known. Individuals who feel those provisions have been violated are more than willing to report offending behaviour.

Lesson 4: Serious violations of the provisions of the GDPR are subject to fines. Timely reporting of security breaches to data protection authorities and quick action to reduce the risk of exposure of personal data could reduce levied fines significantly.