Update on GDPR - 1 Year In
Author: Joakim Thorén, CEO
It's been just over a year since the General Data Protection Regulations (GDPR) were enacted, and a lot has happened in the past 13 months. Since its inception on May 25, 2018, the EU has processed 206,326 GDPR violation instances, ranging from complaints, data breach notifications and other potential issues. Supervisory Authorities from 11 EEA countries imposed a total of €55,955,871 in fines to date. Still, the fines are not ubiquitous: countries including Belgium, Croatia, the Czech Republic, Denmark, Finland, Ireland, Italy, Luxembourg, Slovakia, Slovenia, Spain, Sweden and the U.K have issued no fines to date.
In addition, there were several high-profile cases involving tech giants Facebook and Google. France fined Google nearly $57 million for its first major violation (admittedly a drop in the bucket for the tech giant), and Facebook could face more than $1.6B in fines for an October 2018 data breach.
GDPR is proving costly to many lesser known companies as well, as companies had to increase security and compliance budgets to better meet GDPR guidelines. A November 2018 Versasec survey revealed 41% of companies surveyed stated their companies paid more than anticipated to comply with GDPR regulations.
In a number of noted breaches this past year, well-meaning employees were the cause of many GDPR violations. Employee compliance was a major concern for companies, with 41 percent in the Versasec survey stating they worried their employees would not fully understand the rules of compliance.
Many companies are still working to better comply with GDPR policies and there's speculation that more companies will be fined as supervisory authorities investigate GDPR violations more thoroughly over the next year.
One way to better meet GDPR standards is by verifying and managing user identities. Companies that can prove their compliance by verifying and managing user identities can ensure their security controls can be audited with identity and access management (IAM) solutions.
As the second year of GDPR standards begins, it's more important than ever that companies take compliance to the next level. To understand how companies can quickly and easily comply with GDPR regulations, take a look at this Versasec eBook.