As we enter the age of artificial intelligence and the Internet of Things, our personal data matters more than ever.
By the mid-2020s, all devices will be creating 163 zettabytes of data a year. That’s the same as viewing all the movies on Netflix more than 500 million times; it’s an increase of 10 times the current yearly data creation rate of 16.3ZB.
Given these extraordinary statistics, the General Data Protection Regulation (GDPR), introduced in May 2018, was set up to regulate this largely unregulated data universe. The idea was to instil vital compliance by organisations, brands and social media companies often viewed by consumers as exploiting their data in nefarious ways.
Although it’s only been just over a year, people are starting to understand the far-reaching implications of the regulations. Some organisations – from large online retailers to healthcare providers – are already implementing the necessary procedures for compliance. But almost a third of EU organisations – public and private sector – still lag behind when it comes to complying with GDPR. Globally, the figure for non-compliance with the different data protection regulations in each country is far worse – some estimates put it as high as 80%.
Under GDPR, the maximum fine for a company hit with a data breach is £17 million or 4% of global turnover, whichever is greater. Recently, the Marriott Hotel Group was fined almost £100m by the UK Information Commissioner’s Office (ICO) after hackers stole the records of 339 million guests. British Airways was also fined £183m when 500,000 customer data records were breached. So the UK’s ICO has taken a lead in ensuring that organisations understand the implications of non-compliance with the regulations.
To highlight the success of the ICO’s general awareness campaigns, within just a few months of the introduction of GDPR last May, data breach complaints increased 160% in the UK as British businesses came under more scrutiny from regulators and customers alike. By December, alarm bells were ringing for many organisations that data protection should now be taken much more seriously. Just one look at the ICO’s website on recent data breaches gives a good indication of the rise in cyber attacks across all sectors – and the actions being taken.
And it’s not just fines that will impact organisations – failing to comply will also do huge reputational damage. In recent studies, 19% of British consumers said they would stop purchasing from a retailer if the company had been hacked. According to a 2018 UK Government report on cyber security, four in 10 UK businesses (43%) experienced a security breach or attack in the previous 12 months. These breaches cost small companies an average of £3,000 in productivity losses and reputational damage, while costs for medium-to-large businesses were estimated at more than £22,000, growing significantly year-on-year.
Globally, the EU’s GDPR has without doubt become the benchmark for all data privacy legislation and has had a far-reaching impact on the global consensus around privacy: promoting greater transparency, acting as a catalyst in the incubation of similar laws and laying the onus on companies to protect user data.
In the following global guide you’ll find evidence of this GDPR ripple effect across the world as we hear from legal experts from jurisdictions as far apart as California and New York, Mexico and Romania. Each legal advisor talks about how data privacy laws are changing in response to GDPR – and in some cases, i.e. California, arguably going even further than the EU in data privacy.
Similarly, we will hear how different countries are driving privacy laws to suit their local environment – for both the public and private sectors – ensuring that all citizens feel more assured that state organisations and companies finally realise data privacy is everyone’s business.