GDPR anniversary: One year on, have we actually gotten any better at compliance?

Now that the dreaded GDPR implementation date is one year behind us, we take a look at why organisations are still struggling with GDPR and where improvements can be made

The issue of privacy - and the degree to which an organisation should be responsible for the collection and use of customer data - have been areas of hot debate within the enterprise space over the past 5 years. We now live in a universally pervasive privacy culture, where consumers are increasingly aware of their digital rights and have every inclination to enforce them. One of the tipping points in this process of global privacy awareness and enforcement was, of course, the General Data Protection Regulation (GDPR) laws, which came into force in the EU exactly one year ago tomorrow.

One year on, GDPR is still the most robust set of laws governing the use of personal data by both public and private organisations in the world. It started somewhat of a privacy revolution, with many major organisations visibly getting their ducks in a row, with a flood of consent-seeking emails hitting consumer inboxes, and basically every data-collecting website on the internet asking for consent to use your data upon landing.

It started a conversation, and fundamentally changed the way organisations from around the world collect, manage, and process personal data, as of course, it doesn't only affect those companies based in the EU.

The state of GDPR compliance now

While GDPR affects any organisation that processes data from EU residents, it also spurred many other countries to enact their own laws, with one of the more notable being the US State of California's Consumer Privacy Act (or CCPA). Providing an additional spotlight to the issue of privacy have been the various gaffes of some major organisations, such as Facebook's Cambridge Analytica scandal and indeed Google's huge GDPR fine.

However, while there is more consumer awareness of privacy issues globally, there are still considerable struggles for a lot of organisations trying, and in many cases failing, to become GDPR compliant as the deadline came and went. Unfortunately, this also doesn't seem to have changed all that much in the year since the regulation was implemented. In some cases, non-compliance doesn't just manifest in the management of data in one or two hard-to-reach systems or in the fine print of a privacy policy; it manifests in complete disregard for the laws themselves.

At a media roundtable event taking place in Gothenburg, Sweden, NTT Security presented research from just before GDPR went into effect, showing that fewer than half of those surveyed in Europe believed that GDPR applied to them. While these figures are sure to have increased since, NTT says there is still a definite sense of disregard toward the laws.
