17 October 2018
Glantus Chief Data Officer on GDPR: Has the penny dropped?
Glantus Chief Data Officer Joe Keating looks at recent trends in GDPR complaints and enforcement, and what’s still to come.
I.T. has historically been responsible for data security and network protection, but GDPR’s requirements also involve operational and strategic areas of a business that make this a C-suite affair.
There have now been tens of thousands of complaints registered by EU Citizens directly related to Personal Data Protection violations on the basis of GDPR. For example, in France, the data protection authority (CNIL) has received 3,767 data protection complaints since the regulation came into effect in May of this year.
This is a 64 percent increase compared to the same four-month period last year.
In Ireland, former ‘Connect’ union members are looking to invoke the regulation in order to gain confirmation that they have indeed left their old union. Some 250 members resigned from ‘Connect’ from March 2017 and joined ‘Siptu’, only to be expelled from that organisation in July 2018 following an objection by ‘Connect’. They are now attempting to rejoin Siptu, but are first seeking confirmation from ‘Connect’ that their original membership has been resigned.
Yes, GDPR has arrived… for EU Citizens
All of this information lends weight to the view that, ‘yes, GDPR has arrived’ for EU Citizens, but has the penny actually dropped for organisations that have not taken steps to comply? One of the biggest companies facing sanctions at the moment is Facebook.
This is based on their recent admission that almost 50 million user accounts were compromised by hackers exploiting the ‘view as’ function and represents the biggest breach in the social network’s history. As Ireland is Facebook’s European base of operations, it falls to the Office of the Data Protection Commissioner (ODPC) to investigate and impose an appropriate sanction in line with the General Data Protection Regulation.
Can the ODPC Please Stand Up?
This should result in a penalty of around $1.6 billion (4% of global turnover). The question is, will the ODPC stand up for users, demonstrate its commitment to GDPR and impose a substantial fine or not? Regardless of the outcome, the result of this investigation will be a key factor in how seriously GDPR is perceived by organisations across the world.
At Glantus, we are enabling companies across Ireland, UK, US, etc. to automate the processing of ‘Subject Access Requests’ (SARs), and to easily apply the processes required to satisfy the core aspects of the regulation. This helps our customers to address their customers’ concerns (and requests) and also helps them to avoid the odd fine (or two).