GDPR after 3 years: 5 lessons we have learnt
Last month marked three years since GDPR arrived on the data protection and privacy scene.
Following the iconic date of May 25th 2018, we’ve read headline after headline about the latest high-profile GDPR fines, including those handed out to Google (€50 million), H&M (€35 million), TIM (€27.8 million) and British Airways (€22 million).
While there’s no denying that regulatory bodies are cracking down on compliance, and that breaches and fines are indeed rising (by over 12% compared to last year), the varied consequences of GDPR have been much more interesting and significant than its penalties.
From the shifting role of the compliance department to the death of the GDPR spreadsheet, five members of our Complyon team share their biggest takeaways from the past three years.
1. It’s time to ditch the set it and see attitude
“In 2018, I think most of us remember being spammed with inboxes full of consent forms and preference updates. This early surge of GDPR activity showed that many companies were taking compliance seriously and doing a great job of investing in the necessary resources for the best start in their GDPR journey.
However, three years on, I’ve observed that much compliance activity and interest has tailed off. Many businesses are in the position where they must revisit their initial efforts, which are now outdated and risky.
If you’re due a GDPR re-evaluation, rather than seeing this process as daunting, reposition it as a great opportunity to add some serious value to your company.
In reviewing your policies, processes and data mapping scenarios, you’ll all of a sudden find yourself sitting on valuable company information that can benefit multiple areas such as IT, security, HR and marketing. Your new oversight will result in more effective strategies and profitable decisions for your entire enterprise.”
– Alexandra N. B. Sigursteinsdóttir, Head of Customer Success
2. GDPR enforcement has really taken off
“Enforcement of GDPR has surprised me the most during the last three years.
We have seen more engagement from the data protection authorities in the hope of getting more harmonized data protection across the EU member states (which was one of the primary goals with GDPR).
There was a slow beginning, which is understandable, but now we’re seeing more action from the data protection authorities. Although they may be reluctant, in the past year we have seen more guidelines being produced and a lot more fines have been served.
For me, this is a sign that organisations can expect enforcement to continue to ramp up over the course of the year, and that they need to make sure they’re on top of their compliance game.”
– Dilan Celik, GDPR Compliance Project Lead
3. Compliance tech needs to partner up to scale up
“In the increasingly competitive LegalTech space, it is becoming apparent that compliance and risk management vendors need to seek out strategic partnerships in order to scale and remain cutting-edge.
For example, at Complyon, we’re actively onboarding solution partners such as law firms and consultancies to help us cater for global-local implementations and ensure our platform can scale internationally.
It’s a win-win situation as we can grow and future-proof our product and services while our partners add value to their customers by recommending the right tool in the right context, and they themselves can work better and faster by using our software.”
– Christian Meldgaard, CAO
4. Compliance teams have become more strategic
“During the past 3 years, GDPR has disrupted the entire Governance, Risk & Compliance market and is forcing companies to step up their game when it comes to knowing their own business and doing value-adding risk management across regulatory areas.
This change is now making the compliance department become a strategic entity.”
– Julie Suhr, CEO and Co-founder
5. GDPR has matured significantly
“What I’ve noticed happening over the past few years is that, across all sectors, GDPR maturity is getting more and more advanced.
Increasingly, I’m meeting GDPR responsibles who have the support of top management, which is great because this hasn’t always been the case. This backing is allowing compliance and legal teams to be more strategic, instead of purely reactive.
As maturity increases, the need for smart, time-saving software is also becoming more widely acknowledged and accepted. I’m hearing more people than ever finally realizing that when it comes to compliance, manual-heavy processes and Excel are a thing of the past.”
– Thomas Wind Bøglund, CCO