- Legal Futures - https://www.legalfutures.co.uk -

GDPR compliance still lagging

By Legal Futures’ Associate Knovos [1]

Despite increasing fines, 30% of European businesses remain noncompliant

More than one year after implementation of the General Data Protection Regulation (GDPR), nearly one-third of companies doing business in the EU have failed to achieve compliance with the regulation. Further, only 57% of those tasked with managing organisational GDPR compliance express confidence that their business is actually following the rules (EBA [2]).

Since its implementation on May 25, 2018, GDPR has forced sweeping changes across the organisational landscape, sending a clear message that corporations without controls over their data are operating under a high-risk strategy. According to one survey, there have been more than 59,000 reported data breaches throughout Europe (DLA Piper [3]), with small and big organisations alike already subjected to substantial fines.

On July 8, British Airways was faced with a record $230 million fine (CNN [4]) for a data breach that compromised the private information of nearly 500,000 customers. Just one day later, the U.K. Information Commissioner’s Office (ICO [5]) announced its intention to fine Marriott International $124 million for its breaches of data protection law.

Apart from having the ability to levy fines, the ICO has other available forms of disciplinary action, including issuing warnings and reprimands, imposing temporary bans on data processing, suspending data transfer rights, or even removing or recording the material or written data. Companies now realise that it’s simply good business to have their data in order, especially considering how the blowback from a data breach can ruin their reputation or result in litigation that may be more damaging than the initial fines.

GDPR compliance [6] requires both organisational and technical planning. Over the past year, Knovos has helped ensure that our clients’ technical compliance challenges are being properly addressed. Our advanced information governance technology provides information protection teams with a data command center that allows them to connect all of their dispersed information into one centralised repository. This enables organisations to establish proper data access rights for each individual employee, as well as to search across their entire data landscape and act on the results as needed.

The fundamental tenets of GDPR include accountability, reportability, searchability, purgeability, and portability. Organisational deployment of effective technological solutions accommodates these tenets while protecting against the fines and other potential damages associated with violation of GDPR regulations. Automated and flexible data management [7] capabilities like those offered by Knovos are also critical to helping organisations both large and small enhance security, reduce risk, and consolidate data.