A year ago, the General Regulations on Data Protection, also known as GDPR, came into effect. It was on May 25, 2018. So what about it today? Let’s take advantage of this anniversary date to take stock of the security and confidentiality of personal data.
More and more digital, the personal data is key nowadays. The company wants to capture and value it because it is a real strategic asset. The client wants to protect it to control the use that is made of it.
These are the reasons – operational efficiency and the protection of privacy – why regulators ensure and oversee the processing of personal data. Thus, every company, whatever its structure, size or sector of activity is concerned by the GDPR.
Remember: A few months before the GDPR came into effect, only 1/3 of the companies said they were already compliant, or about to be, according to the report published by Crowd Research Partners in 2017. For 70% companies, there was still work to do.
Significant financial resources have been committed to take the path of compliance. According to IAPP-EY’s 2018 report, an average of $ 1.3 million was spent on privacy protection.
But, well beyond the numbers, the GDPR has had a considerable effect. It provoked an unprecedented awareness of the protection of personal data. And this is the case, not only for businesses, but also for consumers. Thus, six months after its implementation, 66% of French people said they were more sensitive to data protection (CNIL survey / FIFG, October 2018).
The penalties planned by the GDPR are extremely dissuasive, and several companies have already paid for them. This is the case for multinationals or smaller companies, the intransigence is in order. If you go looking for trouble you’ll find it! Thus, among the direct consequences, the most painful is the financial penalty. But it is not the only one…
The proper management of personal data is essential to retain customers. If there is a failure and data is lost / stolen / accidentally disseminated, the reputation of the company is seriously affected. And, remember, customer trust is gradually won, but can be lost instantly.
The influence of the GDPR outside the European Union has been steadily increasing for a year. Thus, many countries in Africa and South-East Asia are implementing laws on the protection of personal data, especially in the case of business with the EU. The Indian Parliament is discussing legislation inspired by the GDPR, while South Korea is updating its legislation on the protection of personal data.
Certainly, things are moving and companies are implementing data protection strategies: from collection, processing, and storage. However, and quite logically, much remains to be done after one year.
The European Commission published some key information in January 2019:
In conclusion, the GDPR has moved the lines of protection of personal data. People have become aware of the inherent risks and companies are learning to manage them better. It’s a collective awareness. However, the latest IAPP-EY report indicates that 50% of companies are not yet fully compliant with the GDPR, and 20% believe that perfect compliance is impossible. We shouldn’t forget that the protection of personal data also passes your CRM software 🙂