Freight trains take time to build steam. That’s your metaphor for what’s to come in 2019 for the General Data Protection Regulation.
“I think people were expecting a massive fine on Day One,” said Forrester principal analyst Fatemeh Khatibloo, “[but] these investigations take time.”
Data protection authorities (DPAs) across Europe have their hands full fielding an influx of inbound grievances. The number of data breach, consent and privacy-related complaints have increased since the law took effect in May. Over the summer, the United Kingdom’s Information Commissioner’s Office reported a 160% uptick in data breach complaints from the year before. Whistleblower reports on company data breaches in the United Kingdom have almost tripled.
“There is clearly increased awareness within the general population about the GDPR,” said Ronan Tigner, an associate focused on data privacy and security at law firm Morrison & Foerster.
Consumer advocacy groups are also filing complaints on behalf of consumers, primarily directed at the big tech set, under a new collective redress or class action mechanism introduced through Article 80 of the GDPR.
Priorities, priorities
With all that activity, it makes sense that member state DPAs…