One year after GDPR
The general data protection regulation adopted on May, 25th 2018, for the strengthening of citizens’ rights and the obligations of European companies, has been highly publicized since the day of its adoption but has he kept his promises? What changes did it cause?
First, it is important to focus on the number of complaints received by the CNIL, which has been around 11,900 complaints since May 2018.
More than 89,000 notifications were sent to the CNIL, including 2,044 in France, 63% of them were closed and 37% are underway. One of them concerns Facebook, about the security breach, highly publicized, which concerned the personal data of millions of users.
The Varonis Global Data Risk Report released that the level of data security is not progressing. Despite stricter regulations, companies still continue to expose their sensitive data. This has been confirmed by the Skybox Vulnerability and Threat Trends Report.
After one year of GDPR, 91 fines were pronounced by the CNIL. According to the EDPB, it is a little less than 56 million euros in fines that were inflicted during the first nine months of the GDPR.
Google is the company that received the biggest fine. The control authorities fought against the digital giants, but the fine imposed on Google proved to be well below the maximum penalty.
An Austrian company was also fined 4,800 euros for installing a security camera that filmed a public space and a Portuguese hospital was fined 400,000 euros after its employees used fake accounts to access patient records.
What comes out of this first year of compliance is that the majority of companies are now aware of the importance of data protection and are adapting to the new regulation that has imposed on them, as well as the rest of the world. In particular, GDPR has inspired the United States in California to write his own text.