May 25, 2019 was the first anniversary of the compliance date of the EU’s General Data Protection Regulation (GDPR). Since May 25, 2018, GDPR has required companies that do business with EU residents to have policies and procedures in place to ensure the privacy of EU data subjects is protected and their rights under GDPR are honored.
For the past 12 months, noncompliance with any aspect of GDPR can result in a significant financial penalty. The maximum fine for noncompliance with GDPR is €20 million or 4% of global annual turnover, whichever is greater.
The past year has seen a handful of fines issued for noncompliance, but not nearly as many as many people expected. This can partly be explained by the huge backlog of cases most supervisory authorities have. It is taking a long time to work through GDPR complaints and data breach reports and conduct investigations. Most supervisory authorities are now clearing the backlog and a higher number of financial penalties are expected to be issued in 2019.
The one-year anniversary of the compliance deadline was marked with the release of a report from the EU on GDPR awareness. A survey was conducted across the EU in March 2019 to help gauge the level of awareness of GDPR and the rights of EU residents with respect to personal data.
The report showed that more than two thirds of Europeans (67%) had heard of GDPR and six out of ten individuals had heard of the supervisory authority protecting their data. However, only 36% knew what GDPR was and 31% of surveyed individuals had not heard of GDPR.
When asked about personal rights, 73% of respondents had heard of at least 1 GDPR right and 31% were aware of all of their rights. 27% of individuals had not heard about any of their rights under GDPR.
Out of the surveyed individuals who had already exercised a GDPR right, 24% had opted out of direct marketing, 18% had exercised the right to access their personal data, and 16% had corrected their personal data.
The survey also explored the different uses of the internet, including the use of social media networks and online shopping. 75% of respondents said they used the internet every day and 77% have bought items online. 14% of respondents said they never use the internet and 2% said they do not have internet access.
69% of individuals use the Internet every day (56%) or 2-3 times a week (13%). Half of people have now changed the default privacy settings on their social media profile.
Only 13% of people read online privacy policies carefully but 60% do read privacy policies at least partially. The number of people who read privacy policies has declined by 7% since 2015.