18.01.2019 | Bulgaria

GDRR: Beginning of 2019

The regulation, which is the biggest reform of the protection of privacy in the last twenty years, entered into force on 25 May last year. Then a great part of us accepted that things would happen instantly.

But, as with most new and far-reaching rules, achieving the effects of implementing the regulation is a time-consuming process. Businesses from all sectors struggled to get ready for the May 2018 deadline. Now, research shows the majority of organizations are still having difficulty complying with a critical part of it — specifically, the one where consumers can request copies of the data companies have about them.

Among the rules is also the power of regulators to impose fines of up to 4% of global income, or 20m euros, whichever is greater. Analysts also think that businesses should not only focus on the fines, they could get, but how the compliance with GDPR can be a driver of increased customer confidence and overall growth in business. So, 2019 could be the year when the ways companies comply with GDPR get more uniform across industries, positively affecting customer perspectives.

The first fines are already in fact at the end of 2018. State commissions for data protection have complained - only in France and Italy there is a 53% increase in the number of complaints, according to the head of the European Data Protection Supervisor Giovanni Butarelli. Not only fines, but also warnings for administrators, introducing bans, temporary bans or ultimatums. "The amount of the fines is decided by national regulators Butarelli 's institution does not impose fines but coordinates the agencies across the EU. can be tolerated by any company operating in Europe, whether it is based on the Continent, or in any other country that operates in Europe, regardless of whether it is based on the Continent, or in any other country that operates in Europe, regardless of whether it is based on the Continent. The fine has a meaning but for administrative purposes, it is only one element of the overall application of the rules.

In addition to statements, corrective measures, several sanctions in a large amount of money are publicly disclosed:
Austria - a € 4,800 sanction for violation of the "transparency" of CCTV by an Austrian trader.
Portugal - 400,000 euros. The hospital has disregarded the requirements for data access rules, putting patient data at risk.
Germany - 20,000 euros. The social networking site has not implemented measures to ensure the security of user data.

The CPDP Chairman Ventsislav Karadjov advised the business to read the European regulation carefully because it also protects it. 800 complaints were filed in the Commission for Personal Data Protection. According to Karadzhov, this is normal in view of the serious explanatory campaign in which individuals and data controllers were explained their rights and obligations.

In general, the positive news is that there are signs of businesses taking their legal and moral commitment to data protection more seriously than before.

If you are just starting your GDPR journey, then let this thought guide you as we enter the new year: in achieving compliance you’re simply adopting one more administrative process that’s a fact of life every day for most European business. Aim to incorporate it not just into your practices and processes, but into the very culture that underlies everything you do. This will make it feel significantly less onerous and more achievable.
It’s also worth remembering that the GDPR wasn’t and has never been a threshold that, once crossed, can be ticked-off a to-do list and forgotten about. For all businesses, implementing the GDPR has to be a continual process. Procedures need to be monitored and periodically reviewed for compliance, regardless of the type or size of your organization – throughout 2019 and beyond.

Put simply, it’s never too late to start – and never the wrong moment to consider how data protection is handled within your business.