By Nikhil Sonawane - May 24, 2023
This month marks the fifth anniversary of the European Union’s General Data Protection Regulation (GDPR). The European Union adopted this legislation in 2016. It has been officially enforced since 25th May 2018 and governs how companies in European and non-European regions gather, store, and process the data of European citizens.
According to a report by DLA Piper titled “GDPR fines and data breach survey: January 2021,” approximately USD 332.4 million in fines have been imposed for multiple infringements of data protection laws. Most European citizens consider GDPR enforcement a historic moment that would protect their privacy rights.
“The EU’s GDPR has had a tremendous impact on how organizations around the globe handle personal user data since the regulation was enacted five years ago. The threat of substantial fines including the almost €3 billion levied since the regulation went into effect has forced companies to take privacy and security more seriously. And the impact is not just contained within Europe; GDPR has inspired over 100 other regional privacy standards, including those in many of the individual US states,” says Michael Covington, VP of Strategy at Jamf.
Even though GDPR is popularly known as the European Union’s biggest accomplishment, a few industry veterans were skeptical about its enforcement. Because of the ambiguity of the legislation, various businesses were confused about the compliance policies. Even with the law enforced, a few organizations remain skeptical of it, pointing to its negative impacts on business scalability and innovation.
GDPR compliance laws are an attempt by regulators to regulate data usage. Since its enforcement, GDPR has become a ‘gold standard’ for protecting users’ privacy because of its stringent nature. It is hard to overstate its consequences and impact in the European region and other countries.
As GDPR celebrates its fifth anniversary this year, let’s look at its five-year journey so far.
To ensure GDPR compliance, organizations should adhere to multiple rules, such as obtaining the user’s consent, building privacy into design, and notifying the user in case of a breach. The legislation includes multiple user rights regarding how organizations can access and control data. These rights include the right to be forgotten and data portability.
As per the GDPR legislation, every member state needs to assign a Data Protection Authority (DPA) responsible for monitoring and enforcing the law. Even after five years, there are multiple challenges to enforcing the laws. But implementing GDPR has helped to improve security practices.
GDPR restricts gathering data about ethnicity, caste, sexuality, political opinions, and others under prevailing circumstances. A few non-profit organizations and public authorities have exceptions for gathering such information for archival or record-keeping purposes.
Some exceptions to this rule apply when collecting information for archiving or recording.
GDPR applies to all people staying in the European Union member countries. All organizations conducting their businesses in the EU must comply with GDPR. Additionally, an organization that is not based in the EU but has a client base in the EU has to comply with the sets of laws imposed by the regulatory authorities.
For instance, an enterprise that offers products or services to clients in Spain but operates out of America has to comply with GDPR.
The fines imposed by the regulatory body are meant to be effective, proportionate, and dissuasive in every individual case. The authorities apply a standard catalog of criteria before deciding whether a penalty needs to be imposed and at what level.
For severe violations that fall under Art. 83(5) of GDPR, the fine can be approximately 20 million euros, or up to 4% of the organization’s entire global turnover of the previous fiscal year, whichever is higher.
For less severe violations that fall under Art. 83(4) of the GDPR, the fine can be approximately 10 million euros, or up to 2% of the organization’s total worldwide turnover of the previous fiscal year, whichever is higher. The Enforcement Tracker offers a holistic view of all the reported fines and penalties that the data protection authorities within the European Union have levied so far.
The consistency mechanism of GDPR requires the supervisory authority in the member state where the organization has established its main headquarters to take the lead on all privacy-related concerns. Not all member states have a supervisory authority to take the lead on all privacy-related issues.
Another challenge for GDPR regulators is the difference between their resources and those of the organizations. The regulatory body has restricted resources, while large enterprises have more revenue and better resources. These big organizations look for loopholes in the legal proceedings and file appeals to minimize their fines.
Facing tremendous challenges in enforcing GDPR, the regulatory bodies are evolving their laws to strengthen the users’ right to privacy and penalize the organizations that do not comply with the laws. Other countries must also establish and enforce similar laws to ensure better compliance.
The enforcement of GDPR improves an organization’s security practices and strengthens users’ right to privacy. The EU’s regulatory bodies are still struggling with regional inconsistencies. They need more resources to meet the increasing number of requests.
Nikhil Sonawane is a Tech Journalist with OnDot Media. He has 4+ years of technical expertise in drafting content strategies for Blockchain, Supply Chain Management, Digital Transformation, Artificial Intelligence, Big Data, SaaS, PaaS, cloud computing, Data analytics, Enterprise Resource Planning (ERP) solutions, and other emerging enterprise technologies and trends. With eclectic experience in working and writing about complex enterprise systems, he has an impressive track record of success. Through his specialized knowledge of thoughtful and compelling writing styles, he covers a wide range of topics that delve into organizational effectiveness, successful change, and innovation management. His commitment to ongoing learning and improvement helps him to deliver thought-provoking insights and analysis on complex technologies and tools that are revolutionizing modern enterprises. He brings his eye for editorial detail and keen sense of language skills to every article he writes. If traveling was free, it would have been difficult to trace him.