6months GDPR.

Six Months With GDPR in Force. What Happened?

The GDPR, that came into force on the 25th of May, 2018, expanded the EU‘s data protection area coverage, introduced innovations that have an effect on organizations and individuals. Therefore, it was one of the most significant events for companies in the EU and outside the EU that process personal data of the EU citizens. Organizations were forced to review the priorities of processing activities, to introduce new approaches and to develop a culture of personal data processing by minimizing collected data amounts, defining purpose and grounds for processing data, fulfilling the rights of data subjects, etc.

The survey on GDPR compliance

The TechRadar – the online publication focused on technology, recently held a survey with 103 major companies operating in Europe from different industries including retail, media, technology, public sector, finance, and travel. Results showed that even though companies are aware of requirements and now had six months to meet the new standards, many businesses are still struggling to cope with GDPR. It was mentioned in the summary of the survey, that a large proportion is lacking the proper methods of storage, organization, or retrieval of data in line with the regulations’ requirements. And the compliance level seems to be much lower than expected. The most difficult requirements to meet – the new rights of the data subject, such as the right to access and right to data portability.

GDPR concerns not only companies within the EU, but also the ones outside the EU that process personal data of the EU citizens.  And, according to the TechRadar, only 35% of Europe-based companies agreed to provide the data for a survey. This includes companies headquartered in the UK, France, Germany, Spain, Sweden, and Italy. However, only 50% of companies that provided data, showed the compliance rate slightly higher for non-European companies. Thus, businesses outside of EU seems to take a more proactive approach to GDPR.

Some industries are more GDPR compliant than others. The TechRadar shared the concerns, that over 76% of companies in the retail industry didn’t even participate in the survey. Financial service providers, on the other hand, were the most active, even though only half of the industry provided the response.

The main cause for GDPR data breaches

According to the ICO, the vast majority of breaches were caused by „human error“. The incompetence or mistakes resulted in 88% of the reported breaches (confidential data emailed to the incorrect recipient, loss or theft of paperwork, data left in an insecure location and others). Only 22%  were seen as being related to a malicious activity.

Here are some of well known GDPR data breaches

 GDPR six months summary in Lithuania

Lithuanian Data Protection Authority received a mass of requests for consultancy from companies regarding GDPR and the same amount of complaints from data subjects regarding unlawful/ incorrect processing of their data. That is why Lithuanian Data protection Authority still acts more as an assistant, rather than as a punisher.

During 2018, over 6671 consultations were provided. That is 15% more, compared to the number in 2017. The main focus was at such matters as the legality of data processing, innovations brought by GDPR, the expertise of the local data protection authority. Also, video surveillance under the GDPR, the appointment of a DPO, implementation of human rights, direct marketing, and personal data breaches. So far, the Lithuanian Data Protection Authority has not imposed any fines under the GDPR. However, after 19 inspections done during the period from the 25th of May, there were 18 cases when personal data was mishandled.

It is clear by the number of complaints received, that direct marketing is one of the most pressing issues that data subjects meet. During the half of year of GDPR, local data protection authority received 443 such complaints, which is almost the same as in whole 2017 (480). Despite direct marketing, people are actively complaining about data collected and used by debt collectors, the service providers sector and state registries. Also, possible breaches on special categories of personal data, personal identification codes, the legality of processing image data.

After GDPR came into force, data security breaches have become critical to both, public and private sectors. Data security breaches were reported 80 times from the 25th of May (in 2017 – only 7 data breach cases). The main causes – unlawful data disclosure, loss, theft, and plagiarism”

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on email

Get your compliance organized with proper GDPR tools.
Contact us for a demo and get access to 14-day trial.

Save time and be confident

Latest Posts
The EU-U.S. Data Privacy Framework: A Transatlantic honeymoon for data flows, but for how long?

The EU-U.S. Data Privacy Framework: A Transatlantic honeymoon for data flows, but for how long?

The European Commission concluded that the United States ensures adequate protection for personal data transferred from the EU to U.S....
A Comprehensive Guide to Personal Data Mapping

A Comprehensive Guide to Personal Data Mapping

Introduction Data privacy and security are of utmost concern in the digital era of today, especially when it comes to...
Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

What is a Data Processing Agreement (DPA)? A Data Processing Agreement (DPA) is a legally binding document to be entered...
Direct marketing rules and exceptions under the GDPR

Direct marketing rules and exceptions under the GDPR

Direct marketing includes text messages (SMS) and emails that a customer receives from a product or service provider. But activities...
Transmitting personal data to third countries

Transmitting personal data to third countries

The GDPR has put strict rules in place, when it comes to data transfer to third countries or international organizations. Which...
Records of processing activities in GDPR Article 30

Records of processing activities in GDPR Article 30

What are the records of processing activities (ROPA)? Article 30 of the EU General Data Protection Regulation (GDPR) requires organisations...
10 Great GDPR Software Tools for Compliance in 2023 (Review + Pricing)

10 Great GDPR Software Tools for Compliance in 2023 (Review + Pricing)

In this article, we will introduce you to some useful GDPR software tools which may help you reach GDPR compliance...
Personal Data Breach Reporting Requirements Under the GDPR

Personal Data Breach Reporting Requirements Under the GDPR

What is Data Breach? According to General Data Protection Regulation (GDPR), a personal data breach is a security incident that...
Data Protection Authorities (DPA)

Data Protection Authorities (DPA)

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the...
GDPR compliance checklist for controllers

GDPR compliance checklist for controllers

This is a simple GDPR compliance checklist for data controllers that you can use to ensure you have considered most important...