A year ago, the General Regulations on Data Protection, also known as GDPR, came into effect. It was on May 25, 2018. So what about it today? Let’s take advantage of this anniversary date to take stock of the security and confidentiality of personal data.
Small, medium and large companies all involved
More and more digital, the personal data is key nowadays. The company wants to capture and value it because it is a real strategic asset. The client wants to protect it to control the use that is made of it.
These are the reasons – operational efficiency and the protection of privacy – why regulators ensure and oversee the processing of personal data. Thus, every company, whatever its structure, size or sector of activity is concerned by the GDPR.
A huge amount of work and an unprecedented awareness
Remember: A few months before the GDPR came into effect, only 1/3 of the companies said they were already compliant, or about to be, according to the report published by Crowd Research Partners in 2017. For 70% companies, there was still work to do.
Significant financial resources have been committed to take the path of compliance. According to IAPP-EY’s 2018 report, an average of $ 1.3 million was spent on privacy protection.
But, well beyond the numbers, the GDPR has had a considerable effect. It provoked an unprecedented awareness of the protection of personal data. And this is the case, not only for businesses, but also for consumers. Thus, six months after its implementation, 66% of French people said they were more sensitive to data protection (CNIL survey / FIFG, October 2018).
Fines are coming!
The penalties planned by the GDPR are extremely dissuasive, and several companies have already paid for them. This is the case for multinationals or smaller companies, the intransigence is in order. If you go looking for trouble you’ll find it! Thus, among the direct consequences, the most painful is the financial penalty. But it is not the only one…
An essential for customer trust
The proper management of personal data is essential to retain customers. If there is a failure and data is lost / stolen / accidentally disseminated, the reputation of the company is seriously affected. And, remember, customer trust is gradually won, but can be lost instantly.
A global awareness
The influence of the GDPR outside the European Union has been steadily increasing for a year. Thus, many countries in Africa and South-East Asia are implementing laws on the protection of personal data, especially in the case of business with the EU. The Indian Parliament is discussing legislation inspired by the GDPR, while South Korea is updating its legislation on the protection of personal data.
Progress that is still insufficient
Certainly, things are moving and companies are implementing data protection strategies: from collection, processing, and storage. However, and quite logically, much remains to be done after one year.
The European Commission published some key information in January 2019:
- In total, more than 95,000 complaints were filed in one year.
- Telemarketing, promotional email and video surveillance were the three activities that attracted the most complaints.
- The biggest fine, 50 million euros, was charged to Google.
In conclusion, the GDPR has moved the lines of protection of personal data. People have become aware of the inherent risks and companies are learning to manage them better. It’s a collective awareness. However, the latest IAPP-EY report indicates that 50% of companies are not yet fully compliant with the GDPR, and 20% believe that perfect compliance is impossible. We shouldn’t forget that the protection of personal data also passes your CRM software 🙂