GDPR: One Year Later

By Gareth Leece
Group COO
Posted 14/05/2019

We’ve been keeping a finger on the pulse of what’s happening with GDPR ever since its introduction hit headlines over a year ago.

It caused a lot of upheaval for a lot of businesses at the time, so now we’re asking: did it live up to the hype? Have the huge fines that were promised to companies found in breach of GDPR been delivered? And what challenges do businesses still face in order to stay GDPR compliant?

Initially, the main issues GDPR raised for most businesses were to do with resourcing, both in terms of finance and personnel. Now, however, a year later, the challenge has changed and businesses will have to battle to keep data policy and privacy at the forefront of board meetings and discussions, in order to keep GDPR firmly on the business agenda.

There is a tendency for many businesses, after initially working with Data Protection Authorities (DPAs) and third parties (like ourselves) on conducting reviews of their data protection policies and practices before getting their house in order, to start resting on their laurels under the assumption that they’ve done enough.

By contrast, the Data Protection Authorities themselves are starting to ramp up the enforcement of GDPR and, as a result, we have already seen some significant fines handed out. Most notable was the fine handed out to Google totalling fifty million euros (which is almost equivalent to 0.04% of their annual revenue for 2018 according to slate.com), but it’s not just well-known firms reaping what they’ve sown. Lesser-known companies have also been fined, including one Polish company that had to pay over two hundred thousand euros for failing to inform individuals that their data would be processed.

It’s not just fines that businesses should be aware of either; DPAs can, and indeed already have, handed out sanctions preventing businesses from processing data either temporarily or indefinitely, and that can have a huge impact on the companies affected.

So, to answer the two questions from the introduction to this blog post: going forward, it will be more important than ever for businesses to stay up to date with regulator guidance and the decisions made by their country’s Data Protection Authorities in order to stay compliant. And in terms of those huge fines that were promised, well, it looks like things are just getting started. The fine for Google was really the only fine that delivered what all the early hype about GDPR promised, but that’s not to say more won’t follow.

For UK businesses especially, it is the European Data Protection Board website that should be watched carefully for the latest news, information and ongoing guidance, and for even more updates on all aspects of GDPR, we recommend exploring the GDPR:Report website.