Three Years of the GDPR

On the 25th of May 2021, the GDPR turns 3 years old. Initially established to protect the Personally Identifiable Information of citizens within the European Economic Area its effects have reached around the world.

Data Protection People have been there from the start, on the 28th of May 2021, our top consultants Phil Brining, Oliver Rear and David Holmes joined together to look back at the last 3 years and discuss how the GDPR has influenced Data Privacy.

The GDPR has caused businesses to stand up and take notice of privacy, many of them for the first time. The introduction of the General Data Protection Regulation three years ago threatened to cause ruptures in the way we dealt with our information and its impact has been felt by everyone.

The Data Protection People have worked with the GDPR since its introduction and have seen a whole range of people become responsible for privacy, including Operations Manager, School Bursars and even IT Managers.

We have seen the GDPR create new job opportunities, we have seen small organisations working hard to become compliant and seen the panic felt by larger businesses who have neglected their new responsibilities.

Despite the initial fear surrounding the GDPR, the world hasn’t imploded and although we have seen some considerably large fines, like the British Airway fine for £20 million and the Marriot hotel fine for £18 million, we believe they have been fair.

So far there has been almost £250 million in fines imposed throughout Europe and over 160 thousand personal data breaches recorded. The GDPR allows for fines of up to £17 million or 4% of global turnover so in retrospect the fines have not been that harsh. The fine for British Airways was initially £180 million but was reduced considering the Covid pandemic.

The five largest fines under the GDPR totals €155.45m, so over half of the fines issued have been over those five GDPR breaches which happened at H&M, Tim Telecom, Marriot, British Airways and Google.

In 2021 and with the end of the pandemic in sight, now is the time for organisations to learn the lessons from others who have fallen foul of the GDPR. If you would like to tune in and listen to today’s episode, click on the player below.

If you would like to get involved with any of our future sessions, please contact: [email protected].