One Year into GDPR, Many Organisations Are Still Not Compliant

One year after the GDPR "fever" passed, many organisations have taken measures to comply with the regulation; some, however, chose to stand idly by and wait to see what would happen. It is not rare to open a company website and discover that its privacy policy still revolves around measures implemented under the Data Protection Act 2003, or that US and Australian companies still resist appointing an EU representative.

What the Numbers Say

The GDPR came into effect on 25 May 2018, changing how organisations collect, use, store, transmit and otherwise process the personal data of people in the EU. Organisations worldwide involved in any of those activities had to respond by reviewing, revising and updating the relevant policies and procedures in line with the new requirements. As you are probably aware, violations of the GDPR carry fines of up to €20 million or 4% of the firm's worldwide annual turnover from the preceding financial year, whichever is higher. So, twelve months later, why are some organisations still struggling to meet their compliance obligations?

  • A survey by IT Governance found that, as of December 2018, 71% of organisations were still not GDPR compliant.
  • Another survey on encryption trends, conducted in March 2019 by the Ponemon Institute for nCipher, shows that only 45% of IT companies had implemented "appropriate measures" in the form of encryption.
  • Even more striking, 25 of the 28 official EU member state government websites may not be GDPR compliant, according to a March 2019 Cookiebot report.
  • 56% of UK businesses admitted they had failed to request consent to store sensitive data, and 16% said they had knowingly ignored subject access requests, according to a survey by CybSafe.

Read more: Ad Tech Companies Track EU Users Visiting EU Government Websites

Summing up the first year of the GDPR, we can say that it was relatively quiet on the enforcement front. None of the fines imposed came close to the maximum permitted, which for a large company can far exceed €20 million. As a whole, this has been a year of learning and of gradually ramping up to full enforcement as regulators set precedents. At the same time, it would be wrong to conclude that the regulators are not going to enforce the GDPR to its full extent. What we are seeing now is an effort to steer organisations toward the right approach, with guidance rather than crippling fines.

Fines for the Non-Compliant

Fines are the ultimate consequence of non-compliance, and organisations around the globe should pay attention to the unfortunate few who have so far felt the GDPR hammer come down.

The first major fine, €400,000, was issued in Portugal. The recipient was a Portuguese hospital, penalised for non-compliance with the GDPR because it failed to segregate access rights to patients' clinical data by role, so that staff could reach records they had no need to see.

Read more: Portuguese Hospital Fined €400,000 for GDPR Non-Compliance

At least 91 fines were issued during the first eight months of the regulation. In total, the penalties imposed under the statute added up to €55,955,871, which sounds impressive until you consider that the €50 million fine imposed on Google by the French DPA (CNIL), for lack of transparency and for relying on invalid consent to personalise ads, accounts for nearly 90% of that amount.

Read more: French DPA Fines Google $57 Million for GDPR Violations

More importantly, the Google case highlighted that product design and consent flows are key components of GDPR compliance, not just how you respond to a data breach or manage cookies. Additionally, while Ireland may be the EU headquarters of many tech giants, regulators look at where decisions about the processing are actually made when determining which authority has jurisdiction: CNIL found that Google's Irish entity did not have decision-making power over the processing at issue, so the one-stop-shop mechanism did not apply and the French authority could act directly. As a result, regulators can take action against a non-compliant organisation even when its European headquarters sits in another member state.

Why the GDPR Applies To Your Organisation

One big misconception surrounding the GDPR is that if your organisation is not in the EU, the law does not apply to you. That is not necessarily so: under Article 3, the GDPR also applies to organisations outside the EU that offer goods or services to people in the EU or monitor their behaviour. If your organisation interacts with someone in the EU and collects personal data during that interaction, the GDPR is something you need to be aware of.

Investment in compliance can be costly and time-consuming. But keep in mind that privacy and security are closely related, and the primary business advantage of a thorough GDPR implementation is customer trust. Risking non-compliance invites the reputational and brand damage that accompany any data breach: you expose your organisation and its compliance flaws to public scrutiny, and your efforts to secure users' personal data will always be questioned.

Now that you are aware of the risks, you might as well take the first steps on your compliance journey, and what better way to start than with an all-in-one tool for GDPR compliance?

Whether you need an informational guide to GDPR specifics, a staff training solution or a full set of template documents that you can adapt as your own, the GDPR Toolkit is the right choice for your business!

1,749 thoughts on “One Year into GDPR, Many Organisations Are Still Not Compliant

  1. IBM Stock Price Today says:

    Hey! Someone in my Myspace group shared this site with us so I came to check it out. I’m definitely loving the information. I’m bookmarking and will be tweeting this to my followers! Exceptional blog and wonderful design and style.

  2. all fiat currencies fail says:

    I’m impressed, I must say. Really rarely do I encounter a blog that’s each educative and entertaining, and let me inform you, you’ve got hit the nail on the head. Your thought is excellent; the problem is something that not enough people are speaking intelligently about. I’m very pleased that I stumbled throughout this in my seek for one thing relating to this.

  3. purchase cialis says:

    never mall [url=http://cialislet.com/#]tadalafil without
    a doctor’s prescription[/url] together tension automatically thought ahead cheap
    cialis super active totally individual [url=http://cialissom.com/#]cheap cialis 5mg[/url] briefly serve otherwise island
    physically india cialis generic moreover candy http://cialissom.com/

  4. my response says:

    Hmm it looks like your blog ate my first comment (it was extremely long) so I guess I’ll just sum it up what I wrote and say, I’m thoroughly enjoying your blog. I too am an aspiring blog writer but I’m still new to the whole thing. Do you have any suggestions for novice blog writers? I’d genuinely appreciate it.

  5. moving says:

    You made some decent factors there. I regarded on the web for the difficulty and found most individuals will associate with along with your website.

  6. 바카라사이트 says:

    I am extremely inspired together with your writing talents and also with the structure for your weblog. Is this a paid subject matter or did you modify it your self? Either way keep up the excellent high quality writing, it is rare to see a nice blog like this one nowadays..

  7. 퍼스트카지노 says:

    A person essentially help to make seriously posts I would state. This is the very first time I frequented your website page and thus far? I surprised with the research you made to make this particular publish extraordinary. Wonderful job!

  8. 바카라사이트 says:

    What i don’t understood is in reality how you’re now not actually much more smartly-liked than you may be right now. You are very intelligent. You know therefore significantly in the case of this matter, produced me personally imagine it from numerous varied angles. Its like women and men are not involved unless it’s one thing to do with Lady gaga! Your own stuffs excellent. Always maintain it up!