Will 2019 Be the Year of GDPR Fines?

By: Neeraj Annachhatre | 1/22/2019

Is 2019 the year we will feel the full impact of GDPR? Chances are good the answer to that question is a resounding “yes!”

GDPR went into effect May 25, 2018 and, as of yet, no sizable fines have been levied for data privacy missteps in the protection of personally identifiable information (PII) of EU citizens. Despite light action in actual enforcement to date, there is plenty of evidence to suggest regulators have been very busy with all of the details that will inevitably lead up to the big penalties the regulation has become known for.

Last year, data privacy groups filed the first complaints under GDPR against Facebook and Google. Since then, nearly every European data protection agency (DPAs) reports a significant increase in both data privacy complaints and breach notifications. The newly formed European Data Protection Board (EDPB) is tasked with enforcing GDPR and says well over 40,000 complaints have so far been lodged across the EU.

As the number of complaints continues to rise, DPAs are staffing up to investigate and handle resulting enforcement action. The Irish Data Protection Commission (DPC) for example, has grown from less than 30 employees in 2014 to 130 employees in 2018, with further expansion planned for 2019. Many of the world’s largest tech companies have their EU headquarters in Ireland, including Facebook, Twitter, Microsoft and LinkedIn and, therefore, fall under the purview of the DPC.

All DPAs aren’t exclusively focused on hand-slapping however. Some have been consulting with businesses on how to better protect their data. And, in December, the EDPB issued guidelines for how to comply with the geographic scope currently outlined in Article 3 of GDPR which could be interpreted as anyone who processes EU citizen data must comply, regardless of where the business is located.

Monitor and Secure PII

What can you do to address GDPR compliance and ensure you won’t be making headlines for the wrong reasons in 2019 and beyond? Because you can’t secure what you can’t see, the first step is to maintain uncompromised visibility and control over all of your endpoints, whether they are on or off your corporate network.

To help you determine where your PII is located (as defined by any of the 31 European countries subject to GDPR) by device ID and username, Absolute today introduced a new GDPR Compliance Report that is now part of the Absolute Platform.

In addition to where your data is located, the report also shows you whether or not that data has been encrypted and when – required pieces of information for compliance. The report generates a GDPR aggregate match score which is a sum of all matches for compliance with rules that have been built in to the system as well as any custom rules you’d like to add.

Watch this video, Strengthen Your GDPR Compliance with Absolute for a quick overview of how Absolute helps you identify EU-specific PII data residing on all of your endpoint devices, and the importance of having the ability to take immediate action to remotely remediate the risk.

Financial Services