How is the GDPR doing?

24 June 2019

The updated GDPR went into effect a little over a year ago. The new regulations with which companies must comply, brought along many changes. One year in, how are things with the GDPR?

How does the GDPR work again?

Last year in May, the General Data Protection Regulation (GDPR) officialy went into effect. Actually, the law has existed since 1 January 2016. The GDPR law has streamlined all the regulations regarding the collection and storage of personal information throughout the EU. That rang in the end of the WBP or Wet Bescherming Persoonsgegevens, the previous Dutch law regarding the security of personal data. The GDPR also grants consumers more insight into and say over the data collected by businesses. 

Changes for corporations due to the GDPR

The question is whether much has changed since the introduction of the GDPR law. In fact, there have not been many changes in comparison to the previous WBP. The biggest difference has been in how the rules are enforced. 

Major changes are mostly regarding how to document, for example, in the mandatory documentation of a data leak. It is also compulsory for companies to appoint a Data Protection Officer. That person advises and reports on the implementation of the GDPR. Since the introduction of the GDPR, most companies have become more aware of their duty to handle data securely.

How are companies complying with the GDPR?

GDPR-proofing a company is quite complicated and can take up a lot of time. It all depends on the size of the company and the information the business is working with. That’s why many companies choose to leave that task to a specialised third party.

GDPR numbers after 1 year

Numbers from the European Commission show that 67% of Europeans have heard of the GDPR. In each country, a particular authority is responsible for defending the rights surrounding personal data. 57% of Europeans are aware of that. However, only 20% actually knows which public authority is responsible for the task.

Take a look at the infographic from the European Commission below.

 european-commission-cijfers(1).png

A 50 million euro fine under the GDPR

The introduction of the GDPR has led to a significant new threat: the authority to impose fines. The GDPR has granted individual countries the authority to impose penalties on companies who don’t comply with the GDPR norms. In the Netherlands, that task falls to the Dutch DPA or Autoriteit Persoonsgegevens.

Companies can be hit with fines of up to 20 million euros or a maximum of 4% of their yearly revenue.

So far, no fines have been imposed in the Netherlands. It has happened in other countries, though. In Belgium, a mayor was fined almost two thousand euros. The steepest fine to date was issued by the French CNIL, which slapped Google with a 50 million euro fine for a lack of transparency about their data processing.

The Netherlands has issued suspended sentences, though, for example to the Dutch police and the Dutch Employee Insurance Agency, UWV. Those suspended sentences will be converted to fines in the case of a repeated offence.

GDPR compliance with DataChecker

DataChecker helps companies comply with the GDPR. We do that by taking identification processes off your plate and by storing encrypted personal information in our secure database.

There are various approaches to complying with the GDPR in an efficient and affordable way. Solutions like the RTW Check and the ID Check keep you in line with the new regulations and automate the whole process.

Would you like to hear more about the ways we can simplify GDPR compliance for you? Simply get in touch.