GDPR One Year On: How Have Data Companies Fared?

by Amnon Drori - International Business Times

For some, it was a time of concern and even panic. The European Union's GDPR was coming, and companies were given the clear message: Make sure you follow privacy protection rules, or you could end up like Google – which was about to be fined a record $5 billion for violating EU antitrust regulations. GDPR had teeth, and it was set to bite anyone who pushed it.

In early 2018, firms had copious amounts of data on people stored on long-forgotten servers and databases. Properly known as the General Data Protection Regulation, the rules require that companies that have data on individuals grant them the right to data portability or erasure. Companies are also required to hire a dedicated data officer, and to notify customers almost immediately if there is a breach that leads to a leak of their data. Violators could be fined €20 million ($22 million), or 4 percent annual global turnover – whichever is greater.

The regulations loomed especially large for data companies that relied on machine learning to gather data. They meant that these companies would need to be much more careful about their data collection, whereas many had previously engaged in massive, careless hoarding and sharing of data.

GDPR went into effect on May 25, 2018, so we've had more than a year to judge its impact. There's no doubt that the regulations have already had an impact on both consumers and businesses. In a nine-month summary of the effects of GDPR, the European Data Protection Board said that as of March, there were 206,326 complaints reported, with nearly 100,000 complaints relating to data privacy. GDPR supervisory agencies in 11 countries issued fines, totaling €55,955,871 (over $6.3 million).