We all remember the context in the run-up to May 25th 2018. GDPR was the hot topic and the press gave it coverage, reaching certain level of saturation, to provide information with more or less rigor on the most relevant news regarding the European Regulation.
May 25th 2018 is one of those key dates that has become ingrained, without having to accept cookies beforehand, in our collective memory. But what has happened after? Were expectations met?
The discourse of fear: Expectation versus reality
The European Data Protection Regulation has significantly raised the fines levied for data breaches. Companies faced this reality with a certain degree of fear and concern, however, was it really necessary?
The discourse of fear tends to reign triumphant. We see reports on the levying of huge fines rather than more optimistic arguments highlighting how the correct GDPR implementation can be a competitive advantage for companies.
This brief one-year period shows us a reality that, in practice, is somewhat different to the expectation that was generated. We can paint a more positive picture if we focus on adapting to change, promoting proactive responsibility and learning from what is happening around us.
There really are no advantages to the discourse of fear because it is paralyzing, and we are currently at a crossroads where we need to take action. I personally have more faith in educating, raising awareness and encouraging prevention. It is not a question of getting around the fining system, but rather understanding the principles that it is based on to avoid being fined.
Learning from our surrounding environment
European supervisory authorities have started to levy their first fines and open investigations, companies such as Facebook and Google are not the only ones that have received penalties. Here is a list of the most significant ones: