GLL Online Swap | Vol 3 | Developing a Critical Eye for Security | Natalija Bitiukova

Presentation by:
NATALIJA BITIUKOVA | IKEA Group Data Privacy Leader for EU | Denmark.
Two years since GDPR doomsday – what have we learnt?
On Tuesday, May 26, we invited GLL members & friends working in the field of security worldwide to share their knowledge about a shadow behind our screens that is not visible but even more active since the start of pandemic. The panelists represented the variety of angles to study security and develop sustainable resilience.
Unlike any other law in present business history, GDPR topped the list of google searches upon its release and overcame Beyonce by popularity for a while. One of the reasons for such leadership was super negative pre-release media campaign.
As a law is defined as a social contract between a government and people, GDPR was passed as the promise of the governments on EU level to strengthen individuals fundamental rights to privacy in digital age and to provide to entities one unified law to follow in business practices. GDPR was meant to fill in the gap between the legal regulation and real time development of big data based businesses.
GDPR has three main components:
  • Data Subjects with rights to the protection of personal data,
  • Data controllers collecting the data with responsibilities to protect,
  • Data Processors providing IT services under careful instructions of protection.
Every member country has a unit of EU GDPR control run under joint EU umbrella. This ensured one-stop-shop and one set of rules for compliance and risk managers of multi-national companies  to apply and to report under.
It evoked a natural controversy by  1. covering all sections of business operations and defined as the law of everything as personal data is a very broad concept and  2. applying huge fines for any misconduct.
The law had an unintended consequence – it set the trend for similar laws in other countries.  Intended consequences amounted 467 million euros of fines, 235 cases. It is argued that the numbers shall be bigger however GDPR enforcement units are improperly resourced in staff, in funding as well as technical capabilities.
From Data Subject / Consumer perspective, in two years, the awareness of data sensitivity and protections needs has grown, people respect and trust business with serious attitude to personal data more. However, the Cambridge Analitica scandal related to collection, segmentation and targeting based on data brought the public awareness to a completely different level.
From data controllers perspective, in two years, every country ended up passing out additional local GDPRs and enforcement units  differ by interpretation of provisions and situations.
As for the future, it is foreseen to review the GDPR application at the EU level to evaluate its effect. Moreover, there is a tendency towards a data protection standard applicable globally which would welcomed by business globally.

Please note, all video recaps are ONLY available to participants of the event and Supporting Members of GLL.

GLL would appreciate your consideration to become a Supporting Member.