GDPR in 2022: what should organisations be doing about it?

GDPR in 2022: what should organisations be doing about it?

News of the General Data Protection Regulation (GDPR) and its impact on privacy was pretty much unavoidable when legislation was first introduced back in 2016 and enforced in 2018. Despite it being old news in the fast-paced technology sector, the EU’s principle privacy law is still as relevant now as it was when it first hit the headlines several years ago.

GDPR remains one of the foremost and stringent privacy laws on the planet. With the globe collectively still reeling from the Covid-19 pandemic and a slew of other challenges becoming apparent, organisations have to work hard to remain compliant and protect the data their business and its customers hold dear.

In this article, we take a closer look at GDPR in 2022 and what organisations everywhere should be doing about it.

Noncompliance is being punished, make no mistake

Despite the two-year-long grace period from 2016 to 2018 between implementation and enforcement, many businesses remain noncompliant with the GDPR to this day. 

Over the past year, we’ve seen a notable increase in GDPR penalties, with even big name brands being found guilty of noncompliance and receiving record breaking fines as a result. Amazon, WhatsApp and Google are just some of the organisations to be hit with multimillion dollar penalties in recent years.

Whilst multinational corporations received hefty fines, SMEs were also targeted by noncompliance teams. It’s important to note that whatever the size or niche of a business, GDPR applies. The UK’s official departure from the EU has no bearing on the framework, with GDPR still retained in domestic law as the UK General Data Protection Regulation (UK GDPR).

The enforcement of many more fines means organisations must be vigilant in upholding data transparency standards.

Time to update consent standards and mechanisms

Consent and transparency are both crucial elements of GDPR. Under GDPR requirements, consent must be clear, distinguishable and easy to access. It should also be just as simple to withdraw consent as it is to give it.

With this in mind, mechanisms have to be updated to create meaningful consent that explicitly complies with the GDPR. Opt-in mechanisms should be active and positive, with users able to stay informed thanks to jargon-free and legible privacy policies.

Protect employee data in the face of pandemic challenges

Whilst the Covid-19 pandemic didn’t directly affect GDPR, it did raise a few queries, particularly when it came to the management and protection of employee data. 

The vaccination status of employees is classed as personal data, which left many organisations confused about how to retain, protect and access this data should it be required without violating GDPR. Striking the right balance between fighting Covid-19 and upholding GDPR is integral to personal data protection as the world continues to recover.

GDPR is evolving and organisations have to keep up

With talks regarding the future of GDPR finally coming to a close last year after a three-year-long negotiation, the importance of cookies for data transparency and consent is expected to be recognised in law. 

Preparing for these potential changes, which are unlikely to come into effect for at least two years after approval, is what many GDPR consultants are recommending. 

Cookie consent should be there for all to see and for the browser to reject or agree to at their leisure, and this GDPR update is expected to make these ePrivacy requirements official.

As the landscape becomes even more complicated and GDPR continues to evolve as new challenges arise, taking steps to mitigate privacy risks and protect consumer data as a whole should be a priority for all organisations going forward.

Leave a Reply