GDPR: an awareness and perspective that enhances compliance

18 December 2018

Personal data protection: scandals revealed


Recently, 250 pages of internal Facebook communications were made public by the British Parliament. Dating from 2012 to 2015, these exchanges reveal the web giant’s intention to commercialise access to its users’ personal data without their knowledge. Some companies, such as Netflix, Airbnb, Lyft and Badoo, reportedly already had privileged access to it.

This is just one of the many scandals related to the protection of personal data that are frequently reported in the news. Among them is the hacking of the data of nearly 100 million users of the question-and-answer platform Quora following a cyber attack.

Websites and social networks are not the only ones in turmoil: the Marriott International hotel group recently announced the hacking of one of its databases containing information about more than 500 million of its customers…

Such events, coupled with the media coverage of the GDPR debates, have contributed to raising awareness of the problems of personal data management and protection.


A growing awareness in public opinion


The 2018 Digital Barometer reports that the protection of personal data, considered insufficient, is the main obstacle to using the internet for 40% of the population this year, i.e. 6% more than the previous year.

This mistrust is not limited to the web, since 86% of French people think it is certain or likely that software capable of transmitting information without the user’s knowledge is installed on mobile phones. While 34% would prefer to have access to more limited services in exchange for the protection of their personal data, 13% would be willing to pay to ensure that it is not used. Similarly, 76% would refuse to share data such as their geolocation or information on their preferences and tastes in order to avoid paying for a free service that became a paid one.

Isabelle Falque-Pierrotin, President of the CNIL, stated that the GDPR was responding to a “social demand” when commenting on the report drawn up by the administrative authority six months after the regulation came into force. The report mentions that “66% of French people say they are more sensitive than before to the protection of personal data”, which is reflected in a 34% increase in the number of complaints received by the CNIL, and in the 1,000 data breaches notified to it in 6 months, i.e. about 7 per day.


The tide is beginning to turn


As a direct consequence of this growing public awareness, following the multiplication of scandals involving Facebook, such as the Cambridge Analytica affair, or the recent discovery of its intention to commercialise its users’ personal data, American fund managers no longer wish to invest in the company’s shares, and a hundred or so of them have even sold all of their holdings.

The value of the American company’s shares has fallen by 21.8% since the beginning of the year.

According to Jim Hamel, portfolio manager at Artisan Global Opportunities:

“the first quarter revelations about personal data, growing concerns about data security and regulation (…) should weigh heavily on earnings growth in the quarters ahead”.


Thus, it would seem that properly applying personal data protection as prescribed by the GDPR is becoming a key factor in a company’s prosperity.


Compliance: an encouraging but still half-hearted assessment


Despite the obligation to comply, organisations are far from having made the transition, particularly SMEs and VSEs. According to an OpinionWay study, 34% of their managers admit that they are not sure they are compliant, and 14% are convinced that they are not. The survey indicates that generally speaking, the smaller the company, the more difficult it is to integrate the constraints imposed: this is the case for 28% of companies with more than 150 employees, and 49% of those with fewer than 150 employees.


Adaptation to the provisions in force since May is therefore neither finalised nor homogeneous, despite the disappointments that this may cause. While compliance with the GDPR can be costly, non-compliance can be even more so because of the penalties incurred. Although the CNIL has so far been lenient, aware of the novelty of the law and the difficulties of implementation for some companies, it will not fail to impose more sanctions in 2019.


Whether it is to protect itself from sanctions or to ensure its long-term survival, it is in a company’s best interest to accelerate and finalise its compliance with the protection of personal data.


In order to respond quickly and appropriately to regulatory constraints, Fair&Smart has developed solutions for managing consents and managing responses to requests for the exercise of rights.
