GDPR four years later – How are businesses getting on?


The EU’s General Data Protection Regulation (GDPR) marks its fourth anniversary after coming into effect on 25th May 2018. Since then, it has paved the way for other data protection regulations, including the CCPA, and 1.6 billion euros of fines have been issued. 

While the UK has adopted its own version, UK GDPR, companies of all sizes continue to fall short of GDPR compliance due to data protection violations such as data breaches.

Four years on, despite the record number of fines issued by the Information Commissioner’s Office (ICO) over the past financial year (2020/21), totalling £42m, organisations have taken compliance with GDPR and other data protection regulations more seriously.

More recently, the ICO fined facial recognition database firm Clearview AI £7.5 million for breaching UK data protection rules, a significant reduction from its original fine of £17m in November 2021. The organisation was fined for building an online database by collecting over 20 billion images of people’s faces and data from publicly available information sources on the internet and social media. It did not notify any of the individuals involved that their images were being collected or used in this way, which goes against data protection regulations.

What’s the biggest challenge with GDPR? 

We spoke to our CTO, Jason Stirland, who highlighted, “the biggest challenge with GDPR remains that it’s not always fully understood by employees.  

“This is why regularly refreshing data protection training for all employees is crucial – no matter their level – as it ensures that every employee understands their GDPR obligations to protect themselves and the organisation.

“Data breaches can happen for several reasons, and with employees being the most vulnerable resource, human errors will tend to occur. Be that as it may, reducing the likelihood of data breaches happening remains an organisational responsibility to train employees on cybersecurity awareness training – e.g., learning how to spot a phishing email and not sharing any personal or confidential information with third parties.” 

GDPR and the Great Resignation – Is there an impact? 

Jason revealed that the pandemic created pathways for significant people changes in organisations of all sizes, thanks to the Great Resignation.  

“With this in mind, organisations must remember to do their due diligence and ensure newer team members are provided with GDPR training to ensure compliance. It’s worrying how many organisations fail to consider this within the onboarding process, especially with many employees now joining companies on a remote working or hybrid basis – ensuring they can learn this from home will be vital.” 

If you’re looking to reduce GDPR training gaps within the onboarding process or improve overall GDPR compliance among employees, take a look at our data protection courses and get in touch with us today for a free demo.
