What has happened in the past year
In the first eight months, just 91 fines were imposed for GDPR violations. GDPR has vastly expanded the rights of individuals, giving them greater control over what of their personal data is collected and processed.
What is likely to happen
Many organizations are still waiting to hear the results of notifications made against them. As the backlog of notifications begins to be cleared, it is likely that many more fines will be imposed.
What organizations are doing
50% of organizations are concerned that they currently lack an understanding of what data they hold and process. Only 2% of organizations have automated processes in place.
Recommendations for what organizations should be doing
Organizations must establish what data they are collecting from individuals, how data is being used, how data is shared and with which parties, and what safeguards it currently has in place for data privacy and protection.