One year On from GDPR but what have we learnt?
This week marks one year since the General Data Protection Regulation (GDPR) arrived on 25 May with much speculation and uncertainty. Julia Seary, partner at Roythornes Solicitors, looks at what we’ve learnt and what major scandals, if any, have come to light.
This time last year, GDPR was the hot topic of conversation as its introduction promised to impact nearly every organisation across Europe.
The regulation was introduced to strengthen personal data privacy laws in light of technological advancements and put all European organisations on an equal footing in terms of compliance requirements. In a heavily data-driven world, GDPR was an attempt to update the law in response to the volume, variety and speed of personal data production and its global circulation.
Now that the dust has settled, we can begin looking at how the regulation is really working in practice.
Overall, it appears that significant enforcement activity is minimal, but that’s not to say investigations aren’t taking place behind the scenes. There have been more than 50,000 data breach notifications across Europe since GDPR came into force and here in the UK, the Information Commissioner’s Office (ICO) have received more than 8,000 notifications of data breaches since the end of May 2018.
The largest GDPR fine issued to date has been the €50 million against Google by the French data privacy regulator for lack of transparency, inadequate information, and lack of valid consent in relation to its use of personal data for the purposes of personalising advertisements.
Remember that a maximum fine of up to €20 million or 4% of annual worldwide turnover – whichever figure is greater – can be imposed on businesses which do not conform with the updated regulation.
The use of data subject rights is becoming another business issue; GDPR grants individuals more extensive rights regarding their personal data which has generated a culture of individuals making repeated and extensive subject access requests (i.e. requesting emails going back many years), often simply to cause annoyance, waste time and incur costs for the data controller.
Immediately following 25 May 2018, there was a surge in erasure requests as individuals sought to clean up their online privacy and security. This seems to have slowed down in recent months – perhaps due to the realisation that the right to request erasure is subject to business requirements, rather than an absolute right to have all information deleted.
Finally, the last emerging data protection trend and a potentially concerning development is the increase in class action-style litigation and so-called “data protection ambulance chasers”. Some claimant law firms are attempting to build business off the back of data breaches – even if the breach gives rise to little risk of damage.
In order to avoid business impact and interruption our advice continues to be for organisations to review and update data privacy documents, implement GDPR training, and assess all data flow and transfers. We also recommend reviewing contracts with third parties and putting a process in place to deal with DSARs, other requests and potential breach scenarios.
Industry: Unified commuication news
- ISO27001 Information Security Consultant
- Up to £60,000
Information Security Consultant with ISO27001 audit and advisory experience is needed for a client facing opportunity with a Cyber Security company in London. Experience with ISO27001 is essential. Activities of the role will include, but not be limited to providing advice to clients, Gap analysis, Risk assessment, analysis, ISO27001 Audits. Experience taking a client through to iso 27001 certification is highly desirable. This Cybersecurity consultancy, who are dedicated to improving and investing in their client's businesses and employees careers, are looking for a security consultant due to expansion. All the training and development will be provided to help them specialise into the PCI industry / Security advisory industry. Ideal certifications ISO27001 Lead Auditor, ISO 27001 Lead implementer, PCI ISA. Aspiring PCI QSA. Other certifications such as CISSP, CISM or CISA are beneficial to have but not required. The ability to SC Clearance is essential. MUST be UK based and realistically able to commute to London. Structured career path, technical training, diverse and interesting clients available. (ISO70001 Lead Auditor, ISO 27001 Lead implementer, PCI ISA. Aspiring PCI QSA, ISO27001 Information Security Consultant) Contact me on firstname.lastname@example.org or 07884666351 or 02086634030 Ref: CH7514
- Google Cloud Data Engineer
- Up to £650 Per Day
Google Cloud Data Engineer London Up to £650 Per Day Duration: 3 months (Potential to extend) We are currently working with a leading Google Cloud partner who are currently looking for a Google Cloud Data Engineer in London. The Google Cloud Data Engineer will be responsible for a new, on-site project (start to finish) designing and implementing a data cataloguing platform using Google Cloud. Current Experience Required Google Cloud Data Analytics (Data Engineering, Data Mining, Data Cataloguing etc.) Cloud PUB / SUB Ref: PG7512
- Professional Services Security Engineer
- United Kingdom
Professional Services Security Engineer with current checkpoint experience is needed for the UK focused client facing implementation/migration, configuration position. The role will be utilising the latest versions of Checkpoint, so someone accredited with either CCSA or CCSE, on at least version R80 is ideal. The Professional Services Security Engineer must have current technical implementation experience using Checkpoint, however, I would look at someone with strong firewalling experience around other vendors such as Palo Alto and Fortinet. Being a multi-vendor professional services business, there is scope for this person to receive training and experience within other vendors. This is a UK wide role, the company in question has 2 offices across the UK, however, there is scope for this person to be home based when not on client site. Vendor training and exposure actively promoted.
- eDiscovery / Forensic Consultant, London, £65,000
Senior eDiscovery / forensic consultant needed to join a business is recognised for helping top tier clients across eDiscovery, Forensics, Incident Response, Advisory etc. Known the for quality, consistency of work throughout the world. This individual MUST be London based, client facing with deep technical hands on experience with eDiscovery / forensic tools, techniques and best practice. Hands on experience using Relativity is essential. The position is split between engaging with client stakeholders to provide consultancy, technical engaging to identify, preserve, collect, process, review and produce electronically stored information in litigation and manage / provide support for the other internal business functions. This will include, but not be limited to; manging client engagements, collecting / processing data within Relativity, delivering / providing guidance customisation on reports, advising clients. Any of the following certifications are highly desirable. • Relativity Certified Administrator (RCA) • Relativity Processing Specialist • Relativity Analytics Specialist Travel to client site will be involved. Fluency in multiple European languages is highly desirable. All details kept in the strictest of confidence. Contact me on Chris.email@example.com 07884666351 or 02086634030