Happy birthday GDPR!
More than 95,000 complaints, over 40,000 data breaches notifications and an eye-watering € 50 million fine levied upon Google for breach of the GDPR highlight the first year of the new rules. At its inception GDPR was searched more often on Google than Beyoncé and Kim Kardashian and got more media coverage in 2018 than Mark Zuckerberg, who earlier that year heard ‘Your user agreement sucks’ while giving testimony before a joint Senate over the Cambridge Analytica fiasco. Unlike competing in the Eurovision contest, where singing, as one critic said, is optional, compliance with the new rules in the European Union appears to be more imperative in nature.
Good news for the Australian businesses bound by the Privacy Act and required to comply with the GDPR is that they may already have in place privacy some protection measures required by the EU regulation. According to a resource issued by the Office of the Australian Information Commissioner, the GDPR and the Privacy Act, among many commonalities, share Privacy by Design approach to compliance and consider privacy impact assessment as integral to achieving Privacy by Design principle. Market stimulated by the emergence of GDPR also comes in hand offering both, certified privacy professionals (the International Association of Privacy Professionals launched their CIPP/E designation last November) and systems, such as growing in popularity ISO:27001 to assist in compliance with privacy obligations.
The European Commission noted that the new rules are becoming a global standard; the EU-US Privacy Shield instantly comes to mind as an example of the GDPR spreading beyond the Schengen zone. In the light of the above it is fairly safe to say that GDPR is here to stay, in which case, my vested interests aside, I wish it many happy returns!
GDPR statistics sourced from the European Commission Joint Statement by First Vice-President Timmermans, Vice-President Ansip, Commissioners Jourová and Gabriel ahead of Data Protection Day, Brussels, 25 January 2019