It’s been over a month since GDPR came into force on 25 May and the dust has now had plenty of time to settle. As companies emerge from the rush and confusion that GDPR brought about over the last year or so, we can begin to appreciate the reality of what GDPR has changed and what we can expect in the future.
GDPR was always intended to be a regulation that would be constantly amended and updated, so that it continues to defend the rights of individuals and their personal information in years to come.
With GDPR only just coming into effect, it’s difficult to be certain of what exactly is coming, but here are some likely possibilities:
Greater focus on cookies
Cookies were already a relatively large focus for GDPR in its current regulatory form; under GDPR, any individual or company operating a website is required to disclose which cookies are embedded on their site, as well as what information is being recorded and for how long. However, we’re very likely to see significantly tighter regulations for cookies in the near future as part of the EU’s ePrivacy Regulation, due to come into force sometime in 2019.
While all European businesses have been obliged to fully comply with GDPR, the same cannot be said for their US counterparts. Though the USA is home to some of the world’s largest data processors and controllers with huge European audiences, American businesses have been subject to much less data privacy regulation to date, as GDPR only impacted US businesses operating or serving customers in Europe. Rather than step in line with GDPR and work on their compliance, some US-based companies have taken the drastic step of suspending service for customers based in the EU.
New or refocused regulations
GDPR has been publicly accessible since 2016, meaning that it is likely that new or updated regulations will come with a similar grace period of around two years. However, there is no telling how significant any potential changes may be, and there are no guarantees as to how long data processors or handlers would have before compliance with these updates became obligatory.
Because of this, it is essential that individuals and organisations alike keep up-to-date with GDPR developments. The ICO website is a great resource, which businesses can refer to on a regular basis to ensure they continue to comply with GDPR as it evolves.
Throughout our GDPR blog series, the key takeaway has always been that businesses have to be proactive when it comes to compliance. It is far better to be over-prepared than to incur serious financial consequences from the ICO, so be sure to keep up-to-date with what is required of your organisation when it comes to personal data regulation.
If you’d like to find out how to keep your Dynamics system up-to-date with future GDPR developments, get in touch with a member of our team.