The new General Data Protection Regulation has now been in force for a year, and figures on its application are available:
- More than 500,000 Data Protection Officers (DPOs) have been appointed internationally
- More than 280,000 incidents have been spotted in 27 countries
- 144,000 of these have been recorded as complaints
- More than 89,000 of the cases have been registered as data breaches
- €56 million has been paid in fines in 11 countries
In particular, as far as Greece is concerned:
- 65 checks of corporate webpages, initiated by the Independent Authority of Data Protection, have been recorded so far, mainly regarding the proper use of cookies and the transparency of the purposes of processing
- According to the records now made available by the Independent Authority, 930 official complaints have been made, along with 136 notices of GDPR breaches. However, the Independent Authority has so far limited itself to recommendations and has imposed no fines because, as is clearly implied, a period of grace has been granted to all involved parties
In particular, as far as Bulgaria is concerned:
From the above it is clear that GDPR, despite being newly fledged, has brought tremendous changes worldwide with regard to personal data, changes that enterprises can clearly treat as major opportunities: by taking on this responsibility, enterprises can improve themselves while adjusting to and complying with GDPR, since they are given the opportunity to revisit and reevaluate the procedures through which personal data is processed and stored. Large and medium-scale enterprises in particular could make the most of the “Governance, Risk management and Compliance” model. Applying it brings competitiveness through better insight into their clients and partners, their needs and the services to be offered. At the same time, the enterprises themselves project an image of stability by being able to map risks and anticipate regulations, in a way that offers a safety net not only for themselves but also for their partners.
It should be noted that by enhancing the responsibilities and the role of the Data Protection Officer (DPO), who is in a direct relationship with the BoD, is accountable to the Managing Partner, and remains an independent counsel and the enterprise's liaison with the Independent Authority of Data Protection, any enterprise also establishes a new balance in its internal operations.
The data so far leads us to conclude that, looking ahead, GDPR could act as a catalyst for a number of organizations to examine critically all the evidence available and their line of reasoning, which could inexorably lead them to undertake projects that limit, in a controlled way, the volume of data stored (and not only personal data) while also ensuring that the quality of the collected data improves. As a result, the level of service to clients will improve, while the data presented to decision-makers will become more reliable. In addition, renewed interest is recorded in projects focused on data and file management, along with the advantages gained by enterprises able to certify themselves in this specific field.
It has already been observed that:
- Both the public and private sectors face great difficulty in establishing the status of their GDPR compliance, especially when it comes to big data, which does not make it easy for enterprises to confirm that personal data is recorded and properly managed
- The breadth of Public Authorities' user base makes it practically impossible to obtain the necessary consent without deploying self-service technologies
- Ever since GDPR came into effect, enterprises have been more interested in ISO 27001 certification, the international certification for information security management. Organizations certified to this ISO standard are considered to pay extreme attention to collecting, managing and safeguarding the information they handle and the computing systems they use
- The biggest challenge still to be addressed is how to detect data breaches. Complying with GDPR entails an obligation to notify the competent authorities within 72 hours, but in the real world it takes longer than that to actually detect such a breach. The corrective tool to that end is to engage the IT department in a thorough check, but all too often enterprises tend to overlook it for fear of the responsibility it may bring
- Owing to the increase in digital channels, connectivity and cybercrime, personal data privacy has been a difficult goal to achieve
- Enterprises that collect large volumes of personal data (big data), which are then distributed to third parties, face great difficulty in applying basic GDPR principles
- Collecting and managing personal data, as well as establishing what is to be stored and for an indefinite period of time, is a time-consuming and complex task for too many enterprises
- Sensitive commercial data, on which fundamental commercial operations and services are founded, is extremely valuable as well
- Whether employees, clients, suppliers and partners rely on a company and cooperate with it may well be determined by how well it can demonstrate good governance of data and privacy
Our Company stands fully equipped alongside every businessman (in each and every part of Greece and Bulgaria), making sure that all necessary international standards for the related services are met.
Author: Oikonomakis Christos