3 YEARS OF GDPR: ARE THERE REASONS FOR SATISFACTION?


To capture as clearly as possible the wide diversity of views on how the GDPR phenomenon has evolved, both in terms of what has gone well and, especially, in terms of the efforts that are still required, I addressed the same set of 5 questions to a number of foreign and Romanian specialists whom I appreciate for their active contribution to promoting GDPR values.

I found it particularly interesting that, although the people I spoke with come from different fields (law specialists, software application developers, people certified in information security, independent consultants, experts and auditors of technical standards), a common point of view could be found in many of the answers. This may be proof of the crystallization of a new class of specialists who, in addition to their previous expertise, have accumulated a lot of practical project experience, and of GDPR being more than a simple topic of debate.

I will summarize the conclusions reached through the general analysis of each of the questions asked in the GDPR Catalog Cover Story, starting with the first question: What are the most important (personal) reasons for satisfaction related to the evolution of GDPR in the last 3 years?

Cover ”GDPR Catalog”

As I expected, a first reason for satisfaction is that the GDPR has drawn our attention to the importance of data protection and the fundamental reasons why laws exist and are still needed. As ICE Information Commissioner Elisabeth Denham said: “GDPR is the biggest change in personal data protection laws. Although it has much of the old legislation, it brings the perspective of the 21st century for the processing of personal data, ensuring greater protection for EU citizens and more respect for the confidentiality of organizations.”

But gaining respect for data processing requires a “mass” awareness of data protection and of the importance of ensuring individual rights. One piece of evidence of this awareness is the rather large number of complaints addressed to data protection authorities. According to the statistics published by the Romanian Supervisory Authority, in the first four months of this year alone, more than 1733 complaints, notifications, and security incident notifications were received.

Another reason for satisfaction is that some organizations are beginning to realize that ensuring alignment with GDPR requirements is not a one-off project and that data protection must be incorporated into, and maintained in, all processes of the organization. There are quite a few managers evolving from purely opportunistic thinking like “maybe so, let’s solve it faster” to a much more correct attitude like “if it is important that we do this, let’s do our best.”

Another positive fact: in many cases confidentiality has become a central point of discussion not only in the EU, with more and more countries tending to adopt privacy legislation in line with the adequacy criteria set by the EU. And it is not only other countries that have tended to align, but also large corporations. Despite the fact that many experts believe that the great “GAFAM” players (Google, Amazon, Facebook, Apple, and Microsoft) have not been penalized too severely, no one can dispute that all of them have started to feel the pressure of the community and are striving to keep up with the GDPR, as far as possible… The compliance process for social applications and platforms is long, and users have become aware of their rights and are more attentive to the privacy notifications they receive, even if they still use invasive browsers, applications, tools, and technologies…

At the level of large, medium and small companies, there is a definite concern for keeping up appearances; there are many situations in which business continuity is conditional on the mandatory fulfilment of compliance criteria, regardless of the size of the organization or its field of activity. The secret of a correct attitude towards GDPR for organizations is to understand that the fine is not the worst thing that can happen if non-compliances are identified, and that the possibility of losing the trust of customers and partners, and the organization’s image in the market, is a much greater consequence.

As a personal opinion, I would add that there is hope (and I was surprised to find this in many different areas) that decision makers will become proactive and not wait for something to happen. Ensuring a satisfactory level of compliance depends on understanding that the GDPR is not a “calamity” for the organization and that alignment efforts are an opportunity in many ways. But, as I said, this change of attitude is still a hope; only 20% of those who responded to a quick test addressed to members of the GDPR Ready group on LinkedIn appreciated the real impact of GDPR on personal data processing processes.

“3 YEARS OF GDPR WITH GOOD AND BAD” is the title of the article “Cover Story” in the electronic publication “Catalog GDPR” edition 1, published in June 2021, pages 8-51.

The GDPR Catalog can be read in eBook format here:
