I love the start of Fall. When I was a kid I would get terribly excited about my new school supplies, the new coat I would wear, and simply feeling the weather change.
Now that I am an adult, I just love Fall because my kids will be going back to school and I can go back to my routine. There is something about September that is soothing: summer is over, a new academic year is starting and it's the right time to align your objectives and thoughts together.
I was expecting the summer to be all about GDPR lawsuits and headlines but the news fronts were rather quiet. Yes, privacy related regulations have made extraordinary advances in California, Canada, Brazil, and even India who are all working towards adopting their own version of the GDPR. But Europe has remained rather quiet.
Still waters run deep
Yet, before declaring that the GDPR will never be really enforced and that the 4% turnover or 20M EUR fines are just scarecrows, one should take a closer look at the data. Since May, all of the indicators below have increased across Europe, revealing how effective GDPR mechanisms are:
Data breach notifications: The UK Information Commissioner's Office received over 1,750 data breach notifications – or 338% increase when compared to March and April. Those figures are similar to those reported in Ireland and Germany. This rise is a direct result of the GDPR requirement to report data breaches within 72 hours of discovery.
Privacy complaints: In France, close to 1000 complaints were registered in June, and this is only the beginning as consumers are starting to understand their rights and the mechanisms in place to address privacy complaints. The same increase has been witnessed in several other countries including Ireland and Germany.
Right To Be Forgotten requests. A survey1 found that 55% of consumers will consider asserting their private right of action when their personal data is involved in a privacy infringement.
And on top of these, some authorities are proactively conducting GDPR enforcement actions. Such is the case in the Netherlands, where the DPA randomly selected companies to produce evidence of compliance with the GDPR2. Similar initiatives will be taken in Germany and Italy.
On all accounts it seems that our Fall will be filled with investigations and potentially lawsuits in Europe. American companies that may have started to think that GDPR was a distant threat, may be surprised as September starts.
Our forward-looking customers have already taken the right steps to demonstrate to regulators that they are ready for GDPR by implementing better processes. With mission critical mechanisms for interactions tagging and deletion, our
Compliance Center equips organization that want to show their DPAs that they have taken the right measures and that are ready to make privacy a customer experience differentiator. If you haven't done so already, September is the right time to think of your priorities.
Why don't you reach out and
schedule a demo and see what we can do to help?