November 22, 2019
In the previous post, we gave a brief overview of the GDPR and how it might potentially affect you as a Singaporean business owner or company. It has been slightly over a year since it came into effect on the 25th of May 2018 - has it had its intended impact on the EU and data protection of its citizens?
Fun fact: the largest fine the GDPR commission has issued to date is 50 million Euros - if you’re wondering which company might be able to afford such a hefty sum, you probably wouldn’t be too surprised to know that it was Google, who the commission claimed did not gain proper consent to collect and use data. To give them due credit, this month they announced that they will only be holding location data on devices for a certain amount of time before it gets deleted.
The GDPR seems to have done its job for now, at least on the surface level - it has served as a wake-up call for many organisations, forcing them to step up their data privacy practices. At the same time, consumers are becoming increasingly aware of their rights to their own data. Unfortunately, just because they have the right to ask that their personal info be deleted if a company has no valid business reason to keep it doesn’t mean that it will necessarily be wiped off the face of the Earth - many companies hold on to secondary copies of data like snapshots, backups and archives, which might prove difficult to delete.
In January 2019, it was reported that only 59% of companies in the EU believed that they were GDPR-compliant. Cisco believes that being GDPR-compliant pays off in the long run, especially when data breaches occur. If companies already have the necessary security measures in place, they will be less likely to be breached. Even if there is a data breach, fewer records are affected on average and system downtime is shortened.
There are several other benefits, according to Cisco. Investing in data privacy has created business value for GDPR-compliant companies and has evolved into a crucial competitive advantage. It can help mitigate losses from data breaches and reduce sales delays from potential customers. Being GDPR-compliant could also be a sign of credibility to potential investors.
What lies ahead?
According to Gartner 2019 predictions (https://www.gartner.com/smarterwithgartner/gartner-predicts-2019-for-the-future-of-privacy/), by 2020, the backup and archiving of personal data will represent the largest area of privacy risk for 70% of organisations, up from 10% in 2018. These companies will have to be more careful in their handling of data or run the risk of getting fined - for now, penalties have been relatively light to give everyone time to adjust and comply, but it is possible that they will only increase as data privacy becomes a top priority for all.
Regulators will start clamping down on organisations even before any security breaches - after all, prevention is better than cure, right? Organisations need to take the initiative to get their data management in order, as what used to be sufficient protection is now merely the most basic. While it might be tough having to meet new data security requirements, train staff and stay updated on the latest changes, their efforts will definitely pay off in the long run.