

Looking back at one year of GDPR - and what comes next for data privacy

Since GDPR came into force on 25th May 2018, it has fundamentally altered the global privacy landscape: over half of global GDP now falls under GDPR-like standards. However, there is still much work to do, with the last year seeing a patchwork of successes and failures as businesses of all sizes scrambled to address the most extensive data law ever put into force. One year on, it begs the question: how much longer do we have to wait until the privacy promise of GDPR becomes a reality?

Consumers and businesses are waking up to privacy

There is no doubt that, in terms of awareness, GDPR has already had a positive impact, with consumers’ understanding of privacy issues at a record high. After GDPR came into effect, Europe saw a record number of complaints about how personal data is being handled. The UK led the way, with the Information Commissioner’s Office (ICO) reporting a 260 per cent increase in complaints in the period immediately following the 25th May, totalling 37,798 over the last year. The Irish DPC recorded 6,000 complaints in the same period.

Privacy is also increasingly becoming a board-level issue for businesses - earlier this month Google rolled out several new privacy-focused products, with its CEO stating that ‘privacy should not be a luxury good’. For those falling behind, regulators such as the FTC are demonstrating their commitment to executive oversight by demanding the creation of board-level committees dedicated solely to privacy. The introduction of Data Protection Officers as required by GDPR is certainly placing a healthy tension in the decision making of data-driven businesses; however, like many of the tangible results of the new law, their impact on the privacy promise remains to be widely acknowledged.

Implementation difficulties are undermining confidence in GDPR

More apparent is the reality that both businesses and consumers are still suffering from the short-term difficulties of implementing GDPR. A year after the implementation of GDPR, European enterprises view data protection and privacy as the most challenging area of regulation for their 

In particular, companies are struggling with data integration and compliance. As the number of complaints, deletion and suppression requests rises, it’s become clear that the way user data is siloed within a business, and the expense of creating the infrastructure required for compliance, are preventing businesses from fully complying with GDPR. Solving this engineering challenge requires a holistic approach to customer data architectures and digital identity that can connect these silos and make user data suppression and deletion requests easier to enact. Even the most hybrid data architectures, with credentials and PII spanning mainframes, legacy on-premise apps and SaaS apps served from multiple jurisdictions, will benefit from the introduction of a horizontal platform approach, providing a connective layer that can be exposed via data dashboards to enable customers to self-serve their own data management.

The vastly more common experience for consumers is frustration at feeling the knock-on effect as some businesses struggle to comply. In some instances, it’s clear that in the first 12 months of introduction, GDPR embodies the law of unintended consequences. For consumers, rather than experiencing a new era of data transparency, the most noticeable impact of the new regulation has been a significant worsening in their internet experience. Because of the way advertisers and publishers have approached the cookie management issue, the “opt-in”, “opt-out” process that users must pass through to read any content is more of a hindrance than a way to empower and educate users, and is often delivered in such a clunky fashion that it seems designed to confuse and catch people out. Even worse, some websites, like the Chicago Tribune, the eighth-largest newspaper in the US, still remain inaccessible to EU users a year on from GDPR. It remains to be seen if this sticking plaster approach to compliance will work longer term, but it’s clear there’s still a long way to go before GDPR truly fulfils its primary goal of putting users back in control of their personal data.

We can’t wait for regulators to force our hand

As the UK’s information commissioner, Elizabeth Denham, recently pointed out, the GDPR is at a critical stage and the next phase of change is not assured. While countries such as Brazil, India, and Japan have adopted GDPR-inspired privacy standards, other efforts, most notably those in the US, are floundering - only last month a much-anticipated privacy bill introduced in Washington failed to pass due to legislative gridlock.

The prospect of a wave of enforcement actions related to data privacy breaches attests to the fragility of the current landscape. The US FTC, the UK ICO and Irish DPC have all recently announced impending action ahead of the near-completion of several major data privacy probes. In ascribing a reason for the flurry of enforcement action, Denham said the GDPR was supposed to enshrine in law a responsibility on data-handling businesses to understand and mitigate risk they create when handling data. However, her comments made clear that this change is not yet evident in practice, saying: “I don’t see it in the breaches reported to the ICO. I don’t see it in the cases we investigate, or in the audits we carry out.”

This highlights a fundamental aspect of GDPR, which is often lost in discussions about fines. A privacy-first approach cannot be forced upon companies by regulators and legislators. In the same way that environmental regulations led to cleaner air but also permitted acceptable levels of pollution, privacy regulations won’t eliminate profiling, abuses or mass data collection. To achieve this, consumers must let companies know that this behaviour is not acceptable by voting with their feet (or thumbs). The power to change the privacy paradigm, permanently and fundamentally, in the image that GDPR envisaged rests in the hands of consumers who use their technology (or choose not to). Certainly, the introduction of consent as an ongoing requirement for continued engagement with personal data beyond legitimate use has a long life ahead, and those enterprises that embrace the concept of an exchange of value with their customers will see this pay dividends, with customers feeling confident to share more of their data rather than leave services that do not respect privacy.

Consumer ownership of data is the future

One thing that GDPR has made clear is that the old model, where users were harvested for as much data as possible and given only the bare minimum of control and visibility, is no longer acceptable to users. Consumer ownership of data is the dream, and GDPR is just the first significant step towards making it a reality, despite the current difficulties. We are seeing a rising tide of data regulations globally, all aimed at putting users back in control. Meanwhile, initiatives in Financial Services such as Open Banking are laying the groundwork for a future where consumers are able to control and manage their data so that it can be used to benefit the individual, not just the business that collects it. This approach will eventually become the norm across industries - the UK’s move towards a Pensions Dashboard is another example - and those companies that are able to adapt effectively and deliver the trust and convenience that consumers want will have a major competitive advantage.

Nick Caley, Vice President - Financial Services and Regulatory, ForgeRock

Image Credit: Visualsoft
