It has been one year since the GDPR legislation came into force in the EU and there has been much talk about whether it’s working and how effective it has been.
Money Week recently explored what impact GDPR has had on businesses and consumers. The publication highlighted the significant increase in data breaches that have been reported to the authorities since GDPR’s introduction.
In the UK, the total number of reported breaches so far in 2019 is estimated to be around 36,000, far exceeding the annual rate of 20,000 that was recorded previously.
The news provider also pointed out that, across Europe, 206,000 cases were recorded in the first nine months after GDPR came into force. These cases included 95,000 complaints and 65,000 notifications of data security breaches.
But while there have been many reported data breaches, the number of businesses to receive fines under GDPR is very small. In fact, despite 11,468 data breach cases being resolved in the first year of GDPR, just 29 resulted in fines.
Among the biggest fines issued in this time have been a €50 million fine issued to Google by the French authorities, and £500,000 to Facebook and the same amount to Equifax. However, the news provider notes that while there have certainly been some large fines, the vast majority of companies that report breaches are escaping without financial penalty.
CPO Magazine recently looked at how small businesses in particular have been coping with the GDPR rules, noting that they brought about “a huge shift in the way data is handled by businesses”.
However, the publication cited research conducted by Hiscox, which found that nine out of ten small business owners don’t know the main rights that GDPR gives to consumers concerning their data.
What’s more, over half of these business owners are less aware now of what GDPR means than when it was first introduced. The Hiscox survey found that 39 per cent of small business owners are unaware of what kinds of businesses need to comply with GDPR.
The news provider pointed out that, given the low rates of awareness, it’s fair to assume that many businesses therefore still aren’t compliant with their GDPR obligations.
However, the article also noted that, rather than worrying about not being compliant, businesses should take the steps they need to bring their organisations in line with GDPR. It stressed that this is “an ongoing project rather than a one-off job”.
The publication added: “Some of the key GDPR actions being taken by businesses include cleaning up their databases and ensuring that they have consent from everyone whose data they possess.”
One of the most noticeable changes for consumers is the rise in opt-in cookie pop-ups on websites, rather than a notification simply telling them that cookies are being used on a website.
Businesses in all areas of work need to be aware of their GDPR obligations, including those in the life sciences industry. If you need assistance with your life science sales pipeline, get in touch with us today
