Have you ever wondered who manages the use of your data in the Internet? The use of personal data is an issue that, even if it has been handled carefully, given its importance, since we live connected to the network, it has taken even more relevance.
It was 2018, when after two years of adaptation, after its enforcement in May 2016, the general regulation for data protection, better known by the acronym GDPR, started being mandatory. A European regulation that made companies inform about the use of user's data and for which they have to provide their clear consent for organizations to use them. Until then, in Spain the regulation in force was the Organic Law for Parsonal Data Protection (LOPD) and for two years this one shared the same court with the new GDPR, until December 2018.
While the regulation is more extensive, you may sum up the most outstanding changes in three points.
On the one hand, the regulation will impose no bigger control over non-European companies, which until now were in a certain way not affected by many of the regulations. Now this new law is applied to all companies that process personal data from European residents, regardless of the company's location.
Fines are another point to take into account. The regulation is unyielding and severe to those that do not apply it, taking it to the point of imposing fines of up to 4% of the company's total income or 20 millon euros.
Finally, organizations have now the obligation to be clear on the requests for consent. They need to be easy to understand and include the aim of the treatment of users' data.
In addtion, the regulation's application makes companies inform immediately about any security breach that may take place in their database.
Only one out of five companies thinks that it is a necessary rule and there are still still many companies that said that regulation doesn't affect them or don't even know if they have to comply with it
Even though implementation is mandatory, the process was slower than expected. During the first year of its implementation, most of the companies didn't get invested on it and limited to mostly delete unnecessary old data, thus avoiding possible risks. It is quite shocking that only one out of 5 companies believe it to be a necessary rule, and some companies don't think this regulation affects them or don't even know if they have to comply with it.
At the beginning of this year, the company Finbold published a report on the fines and measures data protection authorities from the EU imposed according to the General Regulation for Data Protection of the EU for the first term of 2021.
From said study we can conclude that Spain and Germany have been by far the countries wih the highest number of fines imposed. In fact, Spain had almost half of the total economic sum of the European continent with 15,7 millon euros, only in the first three months of 2021, out of a total of 33,61 millon euros at European level.
In 2020, the economic figure in fines reached 158,5 millon euros; more than double of what was collected for the 18 previous months. Last year, the country with the highest economic figure was France, but Spain was again the one that notified the highest number of fines, accumulating more than 281.000 non-compliance notifications after the law was enforced.
These might interest you...