The General Data Protection Regulation (GDPR) of Europe has recently reached the one-year mark. Within that year, the GDPR has accomplished a lot.
Most notable among the GDPR successes is that it has changed how companies collect, store and process information on EU residents. The GDPR has required companies to be more open about the data they have and who they are selling or sharing it with.
The GDPR’s actions have been lauded as setting the bar high for the modern global standard concerning privacy in the age of digital means, where data is a commodity usually sold to the highest bidder.
The GDPR was formed and came into effect a few months after the Cambridge Analytica scandal, where 87 million Facebook users had their data taken.
So far, according to EU figures, 144,376 GDPR complaints have been filed by citizens, organizations and others. Companies alone have reported 89,271 data breaches, which they must report within 72 hours of discovery.
In January 2019, GDPR handed out a landmark penalty to Google, worth 50 million euros, for not disclosing how data is collected and used for target advertising.
As of right now, Google is still facing an open investigation by the Irish Data Protection Commission (DPC).
Other fines have been given to a Portuguese hospital (400,000 euros), a Polish data processor (220,000 euros) and a German chat app aimed at kids (20,000 euros).
There’s no current record of fines issued so far.
Many big tech companies await further clarification on regulation implementation.
As Mark Zuckerberg, Facebook CEO, wrote in a blog post, “As lawmakers adopt new privacy regulations, I hope they can help answer some of the questions GDPR leaves open. We need clear rules on when information can be used to serve the public interest and how it should apply to new technologies such as artificial intelligence.”