2018 brought about a major shift and more clarity in the world of individual data privacy. May marked the one-year anniversary since the European General Data Protection Regulation (GDPR) was introduced. The regulation was an attempt to unify the existing legislation put in place by individual EU member states. GDPR is designed to guide organisations in protecting the personal data of EU citizens and covers any data that could feasibly be used to identify an individual. This could include medical records, genetic information or economic information – these elements are the target of a data breach.
The GDPR required all businesses to report certain types of personal data breaches to the relevant supervisory authority. The regulation indicates that you must do this within 72 hours of becoming aware of the breach, where feasible. It’s interesting to see how effective the new regulation has been and where do organisations stand when it comes to GDPR compliance. Let’s have a look at the fate of businesses under GDPR regulation since it was introduced.