CS Jul-Aug 2023
GDPR
BELATED HAPPY BIRTHDAY, GDPR!
GDPR - THE GENERAL DATA PROTECTION REGULATION - HAS REACHED A MEMORABLE LANDMARK: IT IS NOW FIVE YEARS OLD. HOW SUCCESSFUL HAS IT PROVED SO FAR?

How do you measure the success of something as complex and far-reaching as the General Data Protection Regulation (GDPR), which was brought into existence five years ago to replace the 1995 Data Protection Directive used across various European countries?

"After the internet becomes commonplace, the EU parliament decided they needed a new guideline that adapts to a more connected world where data is the common currency. The GDPR is designed to better fit modern technologies and practices," states Inspired eLearning. "The 1995 data protection law allows each country to control and customise its own privacy laws. This makes it harder for businesses to introduce their service between countries, since they'd have to refer to multiple privacy requirements and keep up with all of them."

The GDPR eliminates all this, since now businesses only need to refer to one guideline and requirement to do business across all EU member states. It has also undergone several changes in the past few years. "Notably, in 2021 the GDPR introduced major changes to its terms," adds Inspired eLearning. "For one, GDPR removed the Privacy Shield that was put in place to make it easier for US companies to do business with EU citizens. The other major change introduced in 2021 would be the regulations for cookie consent, as GDPR now prevents companies from blocking access to content, unless a user consents to cookies."

However, there is much debate about how effective this last change is proving, as many companies are making it extremely hard for people to refuse cookies, often making refusal difficult and/or pushing them to accept with various 'inducements'.

The UK's GDPR, not to be confused with the EU General Data Protection Regulation, is a standard based on the EU version created by the UK Information Commissioner's Office (ICO) and included within their 2018 Data Protection Act. "This data protection law serves as a substitute for the EU version after Brexit. If you regularly process data of Europe-based customers, you'd have to adhere to both European data protection laws. As a result, the overall sum of fines significantly increases month after month."

For the 12 months up to 1 March 2023, 1,576 fines were recorded in the CMS Enforcement Tracker database (an increase of 545 on 2022), amounting to around EUR 2.77 billion in fines (up 1.19 billion in comparison to 2022). The tracker also indicates 1.446 fines have been issued since 2018.

"One might think that the companies who receive fines maliciously mishandled data, yet in reality compliance is a complex process," points out Inspired eLearning. "When it comes to GDPR implementation, there are several grey areas as the provisions cover many different activities and were designed to withstand continual innovation. Meaning GDPR compliance is certainly not an easy box to check off on a company's to-do list.

"Statistically, the violations with the most fines are related to data processing noncompliance. Against this background, luckily, there are tools put forward by GDPR itself that businesses can implement to increase their safeguards and, ultimately, reduce legal uncertainty and the risk of fines. In this context, codes of conduct (Art. 40) are one of the instruments GDPR has introduced to optimize and harmonise its implementation.

"The EU Cloud Code of Conduct is a tool
computing security July/August 2023 @CSMagAndAwards www.computingsecurity.co.uk