On International Data Protection Day our Technology team round-up some of the key data protection stories of 2018 and look ahead to the likely events of 2019.
The highlight of 2018 in data protection spheres was the European Union’s (EU) revolutionary regulation, the General Data Protection Regulation (GDPR). The GDPR made way for 2018 to be the year where EU data protection law made its global standard known by demanding compliance from businesses in the EU and worldwide. For many businesses, the focus turned from “GDPR Readiness” to “GDPR Compliance” overnight in the race against time to be prepared by 25 May 2018, the date the GDPR took effect.
On International Data Protection Day 2019, we expect 2019 to be a year where businesses look back to review “GDPR Readiness” preparations for “GDPR Compliance” and do an inventory of their level of compliance with this new and robust data protection regime. According to the International Association of Privacy Professionals, only 44% of businesses believe they are compliant with the GDPR.
We await the first fine to be imposed on Irish soil by the Data Protection Commission (DPC). However, other EU data protection authorities (DPA(s)) are setting a precedent likely to be replicated:
- The first major fine under the GDPR was issued by the Portuguese DPA, who fined a hospital €400,000 for breaching the GDPR’s appropriate technical and organisational measures requirements.
- The German DPA closely followed, issuing a fine of €20,000 for a similar breach – the significant difference being the level of co-operation between the relevant business and the German DPA.
- Only last week, Google France was fined €50m by the French DPA for breaching the GDPR’s transparency requirements – a headline area of the GDPR that is an enforcement priority of all EU DPAs in 2019.
3,000 personal data breach reports were filed with the DPC by December 2018 under the GDPR. The UK DPA recorded a major jump in the number of personal data breach reports from 367 in April 2018 to 1,792 in June 2018. Similarly, the French DPA received 742 breach notifications between 25 May 2018 and 1 October 2018, with more than half originating from hacking, malware or phishing activities.
In 2019, the GDPR’s enforcement trends by EU DPAs will be closely followed and digested by businesses. It is also certain that all eyes will remain glued to the issue of Brexit; as a path is paved towards the future of UK data protection law and its interaction with businesses worldwide. Now is the time for all businesses impacted by Brexit to take action by implementing Brexit contingency plans to prepare for what may lie ahead.
Businesses will also need to keep an eye out for developments on the new EU e-Privacy Regulation and be ready to kick-start preparations once the European Commission and European Parliament agree a final text.
2019 will also be a year for Big Data, with developments in Convergence, Artificial Intelligence, Blockchain and Internet of Things all evolving at a rapid pace. Traditional sectors converging with technology will see further developments in the areas of InsurTech, RegTech, AgriTech and AdTech.
To mark International Data Protection Day 2019, our Technology team round-up some of the key data protection stories of 2018 and look ahead to the likely events of 2019. You can keep up to date with the latest insights on our website and follow us on Twitter @WFIDEA (https://twitter.com/wfidea?lang=en).
Part 1: 2018 Round-Up
- Conditional Agreement reached to Create World’s Largest Area of Privacy Compliant Data Transfers
- Increase in Access Requests and Breach Notifications after 25 May 2018
- High Court Reverses Circuit Court ‘Right to be Forgotten’ Determination
- New Guidelines on Binding Corporate Rules under the GDPR
- Former Civil Servant Jailed for Selling Personal Data
- ECJ Rejects Attempt by Schrems to Bring Class Action in Austria
- Central Bank of Ireland – Report on Outsourcing
- Data Protection Could Be a Second Bite at the Apple for EU Competition Regulators
- Blockchain Resolution Passed by EU Parliament but GDPR Could Be a Weak Link
- Record Fines for Insurance Company, Management and Contractors for Breach of UK Data Protection Laws
Part 2: 2019 Forecast
- Google fined €50m for GDPR breach by French Regulator
- Countdown to Post-Brexit Data Transfer Arrangements
- Applying the Right to Be Forgotten Outside the EU? Forget About It
- Could Your Business Be Held Vicariously Liable for a Rogue Employee’s Data Breach?
- Has the GDPR Opened the Door to Class Actions in Ireland?
Contributed by: Rachel Hayes & Leo Moore