May 24

Reflecting on one year of GDPR

Can you believe it’s been a year?

Twelve months have passed since GDPR was enforced, and since May 25, 2018, much has happened. Privacy awareness among data subjects has grown.

Businesses and organisations have moved on from the need to reach a deadline and matured into creating sustainable ways to incorporate privacy into everyday operations.

With a full year of GDPR behind us, we’ve seen privacy work become more intricately involved with business processes. It touches more stakeholders internally and externally, while even increasing business opportunity.

Privacy work is not always easy, as we’ve seen.

It requires a thought-through privacy program and the active participation of stakeholders in the organisation.

As our own software has matured, along with our customers’ needs, we see the clear need to incorporate privacy work into everyday operations, and to make sure the right people in the organisation are involved, and motivated, to participate.

Companies and regulators alike have worked hard to prepare for and implement GDPR requirements.

Both saw increases in staff and resources. Both face mounting challenges from an influx of complaints, data breach notifications, fines and DPO registrations.

IAPP has reported interesting figures from the first year of GDPR. Let’s have a look at some of them.

According to their research, an estimated 500,000 organisations have registered DPOs across Europe. This is a fascinating number, especially considering IAPP’s 2017 prediction that there would be an estimated need of 75,000 DPOs – worldwide.

Additional figures include:

  • 89,000+ data breach notifications
  • 144,000+ individual complaints (including access requests, right to erasure, unfair processing, unwanted marketing and employee privacy)
  • 56+ million euros in fines since last year alone from GDPR enforcement actions

These are interesting figures indeed, and point to the mobilisation of both organisations and data subjects.

Infographic from IAPP

So, what’s next?

Awareness is growing and privacy programs are maturing. We’ve seen businesses move from ‘fixing GDPR’ to sustaining privacy programs for the long term.

Empowering individuals and businesses will be of equal importance. Yet data protection and privacy matters have still to go mainstream. This is true both for data subjects, in truly understanding their rights, and for businesses, in ensuring proper training and implementation in the organisation.

In the coming months, we might expect more regulatory guidance on, and focus on, other privacy topics as well, such as subject access requests and rights, privacy UX and digital marketing matters.

As for us, we look forward to continuing to help businesses create sustainable privacy programs in the second half of 2019, and beyond.
