
Today marks the second anniversary of the introduction of the EU's General Data Protection Regulation (GDPR). With privacy in the spotlight at the moment due to COVID-19 tracing apps, we got the views of some industry experts on the effect that GDPR has had on our individual privacy and on the way businesses handle data.

"While it's the second anniversary of GDPR, being GDPR-compliant isn't about a point in time," says Steve Grewal, CTO of data management firm Cohesity. "Compliance is an ongoing process that requires organizations to take the utmost care in managing and protecting personal data. This means minimizing data volumes, reducing data fragmentation, and -- absent standardized policies in the US across all 50 states on personal data and privacy -- taking a proactive approach to ensure data is secure and protected. In 2020, it’s imperative that organizations are good stewards of customer data. Failing to make compliance a key part of an overall data management strategy can severely damage trust and erode brand reputations."

Grewal also believes any erosion of privacy due to tracing apps will be temporary: "Just as individuals were asked to trade privacy to access social networks, individuals are being asked to consider a lower level of personal privacy while being under lockdown, as governments are exploring the use of tracking apps to track the spread of the virus. Though Europe's laws are strict, exemptions for public-health crises are written into EU data protection rules. Any use of data must be proportionate and fall away once the crisis has passed."

Bob Swanson, a security research consultant at SOAR company Swimlane, believes GDPR enforcement has yet to fully bite: "When we look at the introduction of GDPR, everyone was focused on proposed fines. But have the actual fines issued lived up to that? No, they have not. How you institute change is through collaboration and accountability, specifically among the largest, most influential organizations. Take Google, for example. Of the millions in fines issued in 2019, the majority of those were issued to Google. However, when you compare Google's 2019 issuance of $57 million in fines to annual revenue, some would say this fine more closely resembles a slap on the wrist, versus a mechanism to institute change among the tech giants. These types of organizations will be the ones to truly influence the adoption, adaptation, and staying power of such legislation."

Others, though, think GDPR has been a success. Grant Geyer, chief product officer of operational technology platform Claroty, believes, "Just as important as the principles the regulation stands for, the European Union’s global enforcement of blatant and willful violations of the rights of European citizens to have their personal data safeguarded has raised its prominence to the gold standard of data protection regulations worldwide. In today's global economy, GDPR has swiftly created a replicable regulatory blueprint that represents a win for citizens to maintain ownership over their personal data. That's a sacred right in a digital economy where for many years personal data has been abused and monetized without awareness, consent, or recourse."

"It is clear GDPR has so far been a success," says Paul Breitbarth, director, EU policy, and strategy at privacy management company TrustArc. "Companies around the world have become much more aware of the importance of privacy compliance, updating their approach to how their customers’ data is collected, used, and safeguarded."