7 facts about GDPR
The General Data Protection Regulation (GDPR) is now essential for the data processing that a company carries out. Below, you will find 7 important facts about the GDPR to help you understand its impact and, more broadly, why protecting data matters in companies.
1. The GDPR provides 8 consumer rights
The great feature of the GDPR law is that it places human rights above the user experience. If any of these rules are not applied, you can be charged a significant penalty. The 8 rights are:
• The right to access personal data;
• The right to be informed and give free consent;
• The right to data portability;
• The right to be forgotten;
• The right to object;
• The right to restrict processing;
• The right to be notified;
• The right to rectification.
2. 69% of European people have heard of the GDPR. (Source: Statista Research Department)
Four years after the GDPR was introduced, two thirds of Europe is aware of the legislation, according to the Statista Research Department. Awareness of the GDPR is higher in some countries on the continent than in others. This is notably the case in Poland, which estimates that 95% of its population has already heard of the law protecting users’ personal data. Conversely, Estonia has a low awareness rate of 38%.
3. The GDPR obligations do not only apply to EU sites.
As stated in Article 3 of the GDPR, a non-EU company that may process data of EU citizens and residents is also required to comply with the GDPR.
4. The GDPR obligations don’t only apply to EU citizens
The GDPR can also protect any cardholder doing business within the EU. Example: Canadian citizens travelling to Spain must have their rights respected, and the processing of their personal data must comply with the GDPR while they are in the country.
5. Non-compliance can result in hefty fines (Source: European Commission)
According to the European Commission, 57% of Europeans are aware that there are public data protection authorities. It is these authorities that impose fines if they believe an organisation is not GDPR compliant. Fines for non-compliance can be as high as 4% of a company’s global turnover or €20 million.
6. €4.3 billion spent on data processing software (Source: Syntec Numérique)
Syntec Numérique estimates that companies spent around €4.3 billion on various software and services to comply with GDPR between 2017 and 2021.
7. Data stored in the cloud is not exempt from GDPR.
Many companies use a cloud storage provider to host the data collected from their European customers. Cloud storage providers are not always compliant, and assuming that they are is a mistake many organisations make. It is strongly recommended to appoint a Data Protection Officer (DPO) to manage GDPR compliance within the organisation. The DPO has an information, advisory and monitoring role.