With Brexit in limbo and the GDPR already handing out fines to companies in noncompliance, companies who work in the confines of the EU and UK are left with few details as to how to navigate the minefield that is compliance. To help, we talked to a lawyer who is an expert in GDPR compliance to learn more on how the GDPR is sizing up.
Brexit was never going to be easy, but lately it would be fair to say the proceedings have been a total mess. So, with Brexit in limbo and European regulators already handing out GDPR fines to companies in noncompliance, where does that leave British businesses? Do British companies still need to be GDPR compliant? Do smaller companies need to worry? Will the UK be getting its own GDPR? Should you just fake it til you make it? To help answer these questions and more, Defrag This host Greg Mooney talked to Paul Voigt, a partner at the international law firm Taylor Wessing and the author of The EU GDPR: A Practical Guide. Paul is an expert in international data protection projects, GDPR implementation, IT contracts, and IT security.
In this interview, Paul discusses the implications of EU enforcement actions. He says these are not limited to large companies like Google, which was recently fined over 50 million euros by French regulators. "In Germany alone we have seen more than 40 fines since May 2018," says Voigt. "Most of these fines have been a smaller amount and have been directed to smaller companies," says Voigt, so it's clear that smaller businesses should take care as well.
Litigation-wise, Voigt says GDPR enforcement is still "comparatively calm," but he predicts that more and higher fines in the future will cause more businesses to litigate against them.
As to what is catching companies out in noncompliance, Voigt says GDPR transgressions are "all over the map." According to Voigt, many companies have focused on the window-dressing of the GDPR: making sure external-facing compliance measures (such as privacy notices and consent banners) are in place, while struggling with the larger undertaking of internal compliance, such as how personal data is actually processed, stored, and secured inside the organisation.
As for Brexit, Voigt says "The UK already mentioned that even in the case of a no-deal Brexit they will apply requirements in the UK that are quite similar to the GDPR," so the best practice is to aim for full GDPR compliance, since you will likely be subject to essentially the same requirements even in a no-deal scenario.
To hear these insights and much more, listen to the podcast embedded above.