The EU’s General Data Protection Regulation (GDPR) turns three today and since its launch in 2019, hundreds of millions of euros worth of fines have been handed out to companies of the likes of British Airways, Marriott International Hotels, and even Google.
But not everyone thinks this piece of legislation is living up to the hype. Access Now’s new report, Three years under the GDPR: An implementation progress report, explores just how far this legislation still has to go before its promises — and potential — are truly fulfilled. “We’ve passed the settling in phase, and we now need to seriously address issues with the enforcement of the law. The next few years will decide if the internationally-acclaimed legislation soars like an eagle, or crashes and burns like a le(a)d zeppelin“, said Estelle Masse, Senior Policy Analyst and Global Data Protection Lead at Access Now.
But while it’s true that there is a huge discrepancy between member states in how DPAs are using their powers and despite many individual complaints remaining unaddressed, security leaders are certainly keeping GDPR at the forefront of their preoccupations.
Research by Egress has revealed that an overwhelming 90% of security leaders are concerned about group legal settlements following a serious data breach, while 85% are worried about regulatory fines. Launched to commemorate three years of GDPR, the research also found that almost half (47%) of consumers would likely join a class-action lawsuit against an organisation that had leaked their data, proving security leaders’ fears to be accurate.