One year on from when GDPR became law, and everyone became totally fed up of hearing about it, we look back at how much has changed.
Germany and Poland have both issued fines under GDPR so far. They have also shown that where companies have cooperated with them and committed to making changes, they have been lenient. The €50 million fine France levied on Google focussed justification for the amount on the ongoing nature of their breaches. The number of complaints to the ICO in the UK has increased dramatically. Ireland has had to increase the size of its team four-fold. Increased awareness amongst the public, along with some high profile stories on privacy, has seen consumers more willing to take ownership of how their data is used.
Despite all the publicity surrounding GDPR, a Hiscox survey in 2019 found that 39% of SME business owner’s weren’t sure who was covered by GDPR. 90% of them didn’t think consumers had any new rights. There is a fear that many companies have ignored GDPR and not undertaken any action to improve their privacy or security. With the fines being issued so far being fair, some companies seem to have taken the view that they can get away with doing the minimum required.
Unsurprisingly, demand for Data Protection Officer jobs and privacy jobs, in general, has slowed. People in these jobs saw huge salary increases last year, sometimes doubling their salary when moving roles. We also saw day rates of up to £2000 for the most experienced consultants. Permanent salaries have not dropped from these highs, but candidates are unlikely to receive a large increase to entice them away from their current employer. Anyone involved with cybersecurity recruitment knows that demand is high and we expect people in these jobs
The most exciting and perhaps unexpected change over the past year is the amount of non-EU countries that have introduced comparable legislation. With California about to introduce a version of privacy legislation, there is even talk of federal legislation on privacy. There is a comparable law coming into force in Brazil and countries in South East Asia and Africa are also seeing an increase in talk on privacy legislation.
With the advent of more global legislation, we do expect to see a continued rise in jobs internationally. I’m sure the next year will bring further fines and clarification on how regulators intend to act.