Kristen

GDPR: 3+ years later...

Updated: Mar 22, 2022

Abstract

When GDPR first became a concern, business professionals did not immediately take it too seriously. It certainly did not escalate to the level of a full organization-wide initiative on a product roadmap.


After 3+ years in existence and enforcement, information can be gathered to determine the biggest fines, and to speculate as to how they could have been avoided.


Background

It may be a gross generalization, but in my own experience, when prioritizing implementation could no longer be avoided, the prevalent interpretation of the Regulation was that sites needed to have a "toast message" to allow a user to acknowledge the use of cookies. Occasionally, it was identified that the "privacy page" (assuming one existed) should describe (or at least mention) the use of cookies and provide an email address for privacy-related questions.


While that was the scope of preparation in many companies, given that the Regulation itself is 88 pages, it seemed that there must be more needed. (There were doubtless multiple heated exchanges on the subject.) In the U.S., corporate attitudes skewed toward viewing these privacy regulations as a nuisance, somewhat catering to EU nations. The mindset that an individual owns his/her own data, remaining in control even when that data is in use by the company, was a confusing shift. In many ways, the same remains true today.


NOTE: Before proceeding to discussion of Enforcement & Fines, please note that the Regulation provides a set of definitions for fairly common words and terms, specifying their meaning as related to GDPR. As some are integral for a shared understanding of intent, they have been posted here for ease of access.


Enforcement & Fines

After 3+ years, organizations are still struggling to understand GDPR and its nuances. Ultimately, this is not surprising, given that "data privacy" is somewhat of a moving target itself. When considering the larger digital landscape, transformational initiatives, and ever-increasing cyber threats, it is difficult to do more than react. Even so, penalties and fines are scaling apace.



Republished with permission from eruditeMETA, ©2022. All rights reserved.



© 2018-2023 By Kristen Swearingen - swearingen.me | MiddleChild Tech | eruditeMETA. All rights reserved.

This publication may not be reproduced or distributed in any form without the author's prior written permission. It consists of opinions of the author's research and experience, which should not be construed as statements of fact. While the information contained in this publication has been created and cited where obtained from sources believed to be reliable, the author disclaims all warranties as to the accuracy, completeness, or adequacy of such information. Although this post and cited research may address legal and financial issues, the author does not provide legal or investment advice and its publication should not be construed as such. Your access and use of this publication is governed by the Usage Policy for swearingen.me | MiddleChild Tech | eruditeMETA, respectively. The author prides his/her/their self on his/her/their reputation for independence and objectivity. The research and publication(s) are produced independently by its authors and organization without input or influence from any third party. For further information, see the Guiding Principles on Independence and Objectivity.
