Two years in, complying with the General Data Protection Regulation (GDPR), which governs how data gets transferred outside of the European Union, is still no easy lift for companies.
The European Commission said in a report this month that while GDPR is “an overall success,” further actions are needed — especially among small to mid-sized companies — to promote what one top official calls “vigorous enforcement.”
The report found that 69 percent of EU residents over age 16 have heard about GDPR, while 71 percent have heard about their country’s national data-protection authority, according to the EU Fundamental Rights Agency. “However, more can be done to help citizens exercise their rights, notably the right to data portability,” the EU said in its report.
The report found that although staff rose 42 percent and budgets rose 49 percent between 2016 and 2019 for all EU national data-protection authorities taken together, there are still stark differences between member states. For example, the report noted that the Irish, Dutch, Icelandic, Luxembourgish and Finnish authorities benefitted from the largest relative increases in staff.
And because member states must pass legislation to regulate some areas, “there is still a degree of fragmentation which is notably due to the extensive use of facultative specification clauses,” the report found. For instance, different countries have different rules as to how old a child must be to consent to the use of his or her data.
“This fragmentation also creates challenges to conducting cross-border business, innovation, in particular as regards new technological developments and cybersecurity solutions,” the report said. “The situation is still uneven between member states and is not yet satisfactory overall.”
The report added that applying GDPR might be especially challenging for some smaller firms. In September, consulting firm Capgemini reported that only roughly a third of firms were fully compliant with GDPR.
“For many organizations, the true size of the GDPR challenge only became apparent as they began the initial projects to identify the applicable data that they held,” ZDNet recently quoted Chris Cooper, head of cybersecurity practice at Capgemini, as saying. “As a result, only the most focused organizations had completed their GDPR readiness by the time the legislation came into force.”
Meanwhile, PYMNTS recently reported that there are also concerns over data security and open banking.
Studies have shown that 49 percent of bank customers believe their personal data will be less safe due to open banking. After all, data can be exposed not just in attacks on consumers’ banking apps of choice, but also by attacks on application programming interfaces (APIs) that their apps are leveraging. And attacks on APIs are accelerating.