The General Data Protection Regulation has been applicable since 25 May 2018. Since then, member states of the European Union (including the UK) have adapted their national data protection laws in the light of GDPR. A crucial foundation of GDPR is that it applies to the processing of personal data of EU citizens – by any organisation around the world. Consequently GDPR has consequences far beyond the boundaries of the EU.
In many ways the GDPR is a pioneering piece of work that is influencing the thinking and law making actions of many other countries. California has now implemented its own DP law partly in response to the principles espoused in the GDPR.
“Within two years, these rules have not only shaped the way we deal with our personal data in Europe, but has also become a reference point at global level on privacy. In an environment increasingly relying on the processing of data, the GDPR ensures that citizens have more control over their personal data and sets at the same time a framework for trustworthy innovation. GDPR is a cornerstone of the European digital transition.” This quote is from a statement made by Věra Jourová, EU Vice-President for Values and Transparency, and Didier Reynders, EU Commissioner for Justice made to mark the second anniversary of the GDPR.
The anniversary has also been reviewed in many other publications. In an eWeek article Joe Garber, Vice-President of Strategy and Solutions at Micro Focus said:
“The single-biggest factor to impact business in 2020 is the global spread of COVID-19, which is affecting how and where we work, and how we buy. Despite this new reality, the EU warned in March that GDPR still applies.
“While the conventional wisdom is that GDPR and related privacy regulations around the world are good for business (e.g., consumers have greater confidence in providing sensitive information, organizations have a framework for appropriately leveraging information to make more informed business decisions) some short-term challenges to commerce are being triggered.
“From a corporate perspective, the biggest challenge being presented by GDPR in today’s environment can be found on the security front. As more employees are asked to work remotely – in many cases an increase of 3X or 4X from just a few months prior – and as IT is being asked to scale to meet unprecedented demand, new vulnerabilities are emerging that can compromise privacy. Organizations must therefore diagnose and address these new threats to identities, applications, and data in real-time, all while resources are being thinly stretched and often working in unfamiliar surroundings. Specific areas of concern include data on non-corporate owned devices as workers are having to use their personal equipment, and companies moving data to the cloud that must maintain secure as they do so.
“Organizations that have been most successful in pivoting to the post-pandemic business reality have been those that had already begun to digitally transform before 2020. For instance, an Austrian engineering company recently reported that they were able to move 95 percent of their staff to a remote working setting within mere minutes. They comfortably adapted, while adhering to GDPR requirements, in part because they had prioritized digital transformation in advance.
“Obviously it’s difficult to say how long this anomaly will last, or if some of the developing changes to commerce will be permanent. However, it’s safe to say that digitally transforming – often with technologies underpinned by AI/machine learning that would help them scale and predict unanticipated risks – will be an important path forward to help organizations adapt to new realities while staying true to privacy requirements.”