intelligent

In May of this year , the General Data Protection Regulation ( GDPR ) celebrated its fifth birthday . Its introduction back in 2018 caused a huge shift in business practices around data and forced organisations to make data protection a part of their day-to-day . Half a decade later and the challenge continues to evolve . The UK ’ s British Data Protection Bill – still in its infancy – promises to bring a new set of regulations that businesses will have to navigate . At the same time , new technologies such as generative AI , are presenting an additional complication . With that in mind , seven business leaders share their reflections on the last five years of GDPR , as well as what the future might hold .

The data protection revolution

While GDPR may not be perfect legislation , there is no denying that it has brought about a landmark change in how businesses collect , process and store personal data . Its impact spread beyond the EU , where it was introduced , with almost eight in ten US organisations taking steps to become GDPR compliant .

However , complying with the regulations hasn ’ t been a simple or easy journey for most businesses . Gary Lynam , Director of Customer Success , EMEA , Protecht , said : “ A total of 1,446 fines have been issued since 2018 , all varying in amount and addressing different sized companies and violations . Statistically , the violations with the most fines are related to data processing non-compliance and let ’ s face it , with the likes of TikTok , British Airways and Ticketmaster being among the prominent names to have received fines , GDPR is clearly by no means a simple tick box process .”

In fact , the consequences for noncompliance may even be getting larger . “ ICO [ Information Commissioner ’ s Office ] fines have risen in frequency and cost over the past five years , brand damage for breaches is now understood and class action-style lawsuits are becoming possible in the UK ,” explained Richard Starnes , Cybersecurity Strategy Director , Six Degrees . However , he added a note of caution : “ This can have the consequence of causing companies to raise their data protection capabilities , but there is also an incentive to report breaches less frequently or at all . Let us not forget the recent case of the former Chief Security Officer ( CSO ) of Uber who was convicted of US Federal charges for covering up a data breach involving millions of user records .”

Hubert Da Costa , Chief Revenue Officer , Celerway , believes that ‘ the international focus on protecting consumer data has become much sharper over the last five years ’. However , he argues that organisations still have further to go : “ As we mark the fifth anniversary of the GDPR , companies should take stock and consider much more broadly how their organisation is approaching data security . Take remote and field workers , for example .

WHILE GDPR MAY NOT BE PERFECT LEGISLATION , THERE IS NO DENYING THAT IT HAS BROUGHT ABOUT A LANDMARK CHANGE IN HOW BUSINESSES COLLECT , PROCESS AND STORE PERSONAL DATA .