Since May 2018, the General Data Protection Regulation has shaped the way companies and organizations handle the personal data of EU citizens. However, adapting to the new rules has been a challenge for some.
Caroline Louveaux, the Chief Privacy Officer of MasterCard, understands the work involved in complying with the regulations.
“For many companies, it has been actually a massive amount of work to find out what data they had and where they were located," Louveaux said. "MasterCard had already done that exercise of data mapping before. When you know what data you have, you find out what is up to date, what data is relevant. This enables to better comply with the law, but it also creates massive business opportunities”.
The new regulation brought tougher controls from data protection authorities. The number of notifications of breaches increased, but only resulted in fines for a few companies.
Sometimes GDPR enforcement in cross-border cases is lengthy because of the fragmented application of the rules among different member states. EU Commissioner Vera Jourova is urging governments to do more to fill this gap.
“Just imagine some big companies like Facebook, they will do the same harm to people in different member states and suddenly the people in a different member state will see different reactions," Jourova said. "I don’t think it is fair and the GDPR should bring more fairness to Europe".
Telemarketing calls, unrequested promotional emails and surveillance by CCTV cameras are the main reason for complaints. Individuals are more aware of their rights, but some are still confused.
The European Commission has launched an awareness-raising campaign to encourage citizens to have a better understanding on how their data is controlled.