6 months plus after GDPR so where are we now?

January 17, 2019
by Corey Lillicrop

 

May 25th – the date on which Star Wars was first shown in movie theatres around the world. It’s spawned a wide range of sequels, tens of thousands of people now declare themselves as “Jedi” on the census, and it’s made an impact on society as a whole ever since. That’s how we here at Rymote like to remember May 25th – that and, of course, the birthday of former Newcastle United wunderkind Demba Ba.

There is another side to May 25th though. On May 25th, 2018, the General Data Protection Regulation came into force in the UK and across 27 other EU countries. Like Star Wars, we’re pretty certain that there’ll be sequels to this, and we can already see the impact it’s had on businesses internally since it became law. Unlike Star Wars, though, we don’t think tens of thousands of people will fill in their census forms with “Data Controller” in the future.

How’s it been? How’s it been for you and your company? For most of us, it’s probably been a bit like the Millennium Bug – a seeming looming apocalypse quickly supplanted by a rather silent whimper. But we’re only six months or so on from its introduction so what do we need to know now in January 2019?

What was all the fuss about?

In fairness, there was a lot to get fussed about across nearly every business sector from law to estate agencies to recruiters and even to hotels. GDPR has delivered the following:

  • data processing – that has become a lot harder
  • much of the data you previously used to run your business may no longer be compliant meaning that many marketing departments have had to refocus their efforts – at a cost
  • a creeping fear that we’ll be subject to a data breach by a cyber attacker and the subsequent complex and potentially very costly consequences of such a breach

GDPR gave businesses a lot to think about – but has much actually happened yet?

Quiet so far, but for how much longer?

You may remember a story back in July 2018 about the successful hacking of a ticketing agency’s customer database. Ticketmaster followed the rules, reporting the breach both to the Information Commissioner’s Office (ICO) and directly to the clients it thought had been affected.

As it had publicly stated it would, the ICO didn’t go after each breach with passion and vigour last year. The reason behind this approach was that the regulator decided that businesses needed time to get ready for it. However, Hayes Connor Solicitors saw an opportunity to launch a class action against Ticketmaster so, while the public sector stepped back, the private sector took the lead, so to speak.

For the ICO, the kid gloves might be about to come off too. Alison Schiff of Ad Exchanger warns that “freight trains take time to build steam” – her choice of metaphor for GDPR in 2019. She reports that the ICO recorded a 160% surge in complaints during the summer after the introduction of GDPR and, as shown by Hayes Connor Solicitors, “consumer advocacy groups are also filing complaints on behalf of consumers, primarily directed at the big tech set, under a new collective redress or class action mechanism introduced through Article 80 of the GDPR.”

Ms Schiff also quotes Omer Tene, VP and chief knowledge officer at the International Association of Privacy Professionals, who believes that it will be several months after introduction before “enforcement comes into focus.”

Only three public fines have been levied across the EU, according to The Register. The UK’s first and only one was a “damp squib” according to author Rebecca Hill, referring to the demand issued to “Canadian data-slurpers AIQ to wipe data from its system,” a judgement which was later softened further on revision.

Jake Moore believes that cybercriminals will now become bounty hunters and that more and more companies will opt to pay ransom demands to have their data released back to them because the ransom is likely to be less than the maximum fine imposed by the ICO.

Winners from GDPR

The very public adoption of GDPR across the EU certainly has raised awareness among citizens of their rights over data relating to themselves. Do you remember the two or three months prior to May 25th when every other email we all seemed to receive was one company or another asking us for permission to stay in touch after GDPR-day?

It turns out that most of those emails were never needed because the ability to contact customers and enquirers with commercial messages was a “legitimate interest” under GDPR rules. Many companies ended up trashing valuable data they had worked hard to build up for years when they didn’t need to.

However, there is an upside. Companies seen to be taking their customers’ personal details seriously will be the long-term winners out of this. After all, if your personal and professional details were stored on a law firm’s computers and they were hacked, do you think you could ever trust that firm again? GDPR over time should thin the herd in most sectors, forcing survivors to be constantly vigilant in employing best practice.

Want help with the cybersecurity aspects of GDPR?

As each year passes, more and more companies are using the cloud and internet-based services not only to power their IT systems and business processes but to store sensitive customer data online. The benefits are obvious – workforces are more mobile and flexible than ever before and we’re able as businesses to improve our customer service proposition by not only welcoming customers to our premises but by visiting customers in their offices.

However, the proliferation of cloud-based services, bring-your-own-device policies, and the reliance on the highly insecure public WiFi network has left us all much more vulnerable to cyberattackers. Speak to Rymote about our monitoring solution which gives you and your team ongoing visibility into the security and performance of your network equipment. Should a problem arise, you’ll receive an early warning about it in most cases and, with our help, be able to nip any cybersecurity-related GDPR and data privacy issues in the bud.

Want to speak to the Rymote team? We’d love to hear from you. Please call 0191 580 8856 or email us at hello@rymote.com.