Just over a year after the implementation of the General Data Protection Regulation (GDPR), an initial assessment is emerging of its impact on businesses.
Although not always well understood by individuals, this regulation has nevertheless taken on great importance, having a significant impact on companies managing information about European citizens.
A new awareness
In France, according to the CNIL, over the past year there has been a growing awareness of the need for better management of personal data, among individuals and professionals alike.
Today, around 6 out of 10 Europeans are aware of the existence of a data protection authority, compared with just 4 out of 10 4 years ago.
On the corporate side, data protection officers are becoming increasingly common.
On the other hand, companies, for whom the terms of the RGPD are not always very clear, are increasingly seeking information from reference bodies such as the CNIL.
A boom in the number of complaints
This massive awareness among individuals, who, while they may not have grasped all the details of the RGPD, have clearly understood that it strengthens their rights, has resulted in a huge rise in complaints about the management of their data.
In France alone, complaints rose by 30% between May 2018 and May 2019.
And these are not just isolated complaints, but increasingly grouped complaints, sometimes led by consumer associations and groups.
Penalties
The RGPD provided for financial penalties of up to 4% of the offending company’s sales.
And for several months now, these sanctions have been increasingly frequent and with higher and higher amounts.
Indeed, the European Commission had planned to be conciliatory at first, anticipating that it would not be easy for all structures to adapt to the new regulations.
As the months went by, the sanctions became more and more significant, as witnessed by the 50 million euro fine imposed on Google last January by the French CNIL.
We’re still a long way from 4% of sales, but it’s clear that sanctions are becoming increasingly severe.
It’s worth noting that it’s mainly multinationals that are currently in the European Commission’s crosshairs.
Swiss late
On the Swiss side, the RGPD seems rather far away since no similar regulation has yet come into force in the country.
However, Swiss companies should bear in mind that this regulation doesn’t just apply to European companies, but to all companies that hold personal data on European nationals, including in Switzerland.
This applies not only to customers, but also to employees, many of whom come from neighbouring countries to work in Switzerland.
The DPA is currently being updated, but it could be several months before it comes into force.
No sanctions have yet been pronounced against Swiss companies, but the most far-sighted have already begun the process of bringing themselves into line with European regulations.
Indeed, over and above the financial aspect, it is their competitiveness that is at stake, in the face of companies whose data protection is guaranteed.
