GDPR’s impact: The first six months
GDPR is now six months old – it’s time to take an assessment of the regulation’s impact so far. At first blush it would appear very little has changed. There are no well-publicized actions being taken against offenders. No large fines levied. So does this mean its yet another regulation that will be ignored? Actually nothing could be farther from the truth.
The day GDPR came into law complaints were filed by data subjects against Facebook and Google. Complaints – that does not sound like action by regulators, in fact its not – its action taken by lawyers. GDPR is a much-evolved form of European regulation allowing data subjects to file suits against data collectors whom they believe are violating their rights. This battle is going to be fought in 28 EU countries courts much sooner than in their Data Protection commissioners ministries who enforce the law and handout fines for violations.
Activist legal teams like Austrian noyb and its founder Max Schrems who had a strong hand in drafting GDPR are taking up these complaints. Meanwhile activist Privacy International is going after the likes of Oracle – filing complaints in the UK along similar lines as to the claims against Google and Facebook in that there is ongoing disregard to establishing legitimate-use of data collected and a disregard of individual’s rights because in fact those individuals do not know their data is being collected, so there is no expectation they can ask that their data be removed.
Regulator action will take time – six months is too early to get a proper read. Yet, we can still get a feel for what is going on by looking at what’s happening in a given country. The UK is interesting; their Information Commissioner predates GDPR as UKs privacy regulations go back to 1998. The UK commissioner is currently publishing findings and leveling fines after investigations for activities dating back to 2016. That gives us a feel for how long investigations may take under GDPR.
Perhaps we will not know the full impact for another two years to the magnitude of fines levied. Facebook’s challenges with Cambridge Analytica were lucky in that they fell under the prior law resulting in a smaller 500K GDP fine than the billions allowed by GDPR. Breaches at British Airways and others, which took place since GDPR became active, are being carefully monitored to see if in fact they were properly reported to the UK commission within the 72-hour limit of being discovered.
The hotbed for US companies is Dublin as Ireland is where many US companies have their European headquarters. Helen Dixon, the current Republic of Ireland Commissioner, and her office is one of the busiest in Europe working with these companies as they scrabble to be complaint under the law.
GDPR has had influence internationally – 10 countries including Canada, whose law just went active this month, now have very similar laws. California also has a much-watered down version that went into affect as well. None of these laws carry the same fines, but most allow for litigation. California is just one of 26 states that have such laws on the books. These laws vary widely in their rules. Because of this the Internet Association, an influential lobby group for Internet based companies, has come out indicating it would be for a single US law to provide uniform privacy assurance.
The difference being in how they want the law to be written. Here is an example: Google’s Android OS terms and conditions states that the user, by activating their service, consents to Google’s collection of their personal data across All Google products for any use. Today once you activate you can’t go back and ask them to remove you. The Internet Association’s President Michael Beckerman, states that individuals should have a right to ask what has been collected and then have this information removed – If they discontinue using the product/service. The difference is GDPR does not force you to disconnect your $1000 phone.
Given all that, perhaps its not surprising that Apple CEO, Tim Cook, has come out strongly in favor of having a similar strength version of GDPR here in the USA. Apparently they don’t collect the same data that Google, Facebook and Amazon do. Score one for capitalism?
All-in-all GDPR has had a subtle but extremely influential impact in the Internet world already. With all the lawyers involved, it’s not likely going by the wayside anytime soon.
source helpnetsecurity
Industry: Cyber Security News
Latest Jobs
-
- Identity Channel Partner Manager | London
- London
- N/A
-
Identity Channel Partner Manager | London Location: South East UK (commutable to London) We are working with a Cyber Security business who are looking for a Channel Partner Manager to drive and grow relationships across their identity ecosystem. Prior experience working within VARs, distributors, vendors or resellers in the identity space is essential. You must have experience working with technologies such as CyberArk, Sailpoint, Okta etc Responsibilities will include, but not be limited to: Build, maintain and develop strong relationships with channel partners. Work closely with partner sales teams to support growth drive sales opportunities. Identify and onboard new partners while strengthening existing partnerships. Act as the key point of contact for all channel-related activity. If you are an experienced channel professional, with experience in the Identity space and are ready for your next challenge, apply today.
-
- Service Architect- DACH regions
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Service Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the Service/ solutioning effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company area a global managed services business working with enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead Service/ solution design from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. You’ll Need: Experience working as a Service architect, Service Manager or Customer Success Manager R Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical grasp: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Deal Architect- DACH region
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Deal Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the solutioning/ Service effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company is a global managed services business providing solutions to enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead the deal from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. Be responsible for the service Wrap and ensuring the Service meets clients requirements You’ll Need: A back ground with IT Services Experience in a similar type of role, for example: Deal, Service, or Solution Architect in ICT outsourcing. Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical knowledge: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Pre Sales Lead- IT Services
- Germany
- Upto €100,000 plus benefits
-
As the Pre-Sales Lead (Sales Engineer/ Solution Architect) you will drive large-scale ICT managed services and outsourcing deals (from €0.5M to €20M+). You'll work directly with Business Development and clients to design high-impact solutions across Cloud (Azure, IaaS, SaaS, PaaS), EUC, Unified Comms, Security (SIEM, PAM), Networks, and Smart Workplaces. What You’ll Do: Lead the end-to-end pre-sales cycle — from RFI/RFP to contract. Design innovative, client-specific solutions with technical & commercial impact. Present at CxO level and steer proposal strategies & financial models. Collaborate closely with Portfolio, Service Desk, Field, and Digital Workplace teams. Support deal shaping with strong knowledge of ITIL, SIAM, Automation, and cost analysis. What You’ll Bring: Have strong experience in pre-sales or solution architecture. Experience with €M+ managed service deals. Deep technical expertise in modern ICT stack and enterprise IT services. Strong German (C1) and English communication skills. Certifications: ITIL v3/v4 required; SIAM, ISO20000 desirable.