Newsflash: +++ Hackers Stole Over 6.42 Million SHEIN Customers' Data +++ SAP Customer British Airways hacked: Hackers steal financial data in BA website attack +++ The same hacker group who breached Ticketmasters were behind the British Airways attack, using DIGITAL SKIMMING +++

Milky Blog

know what’s going on out there about SAP®

  • Blog
  • Read Our Rules

GDPR - outranks Google searches on Beyoncé

By Hendrik Jansen  - March 21, 2019

The status of GDPR 10 months after the introduction on 25 May 2018. 

During the introduction days of GDPR, the search for GDPR via Google outranked the search of Beyoncé.


But that was in May 2018, and a lot has happened since. As expected Beyoncé bounced back and is more popular again then EU rules, manifests and business penalties, or should we say that GDPR has quickly faded away to the background from a news point of view. I would like to share some views and facts on the status of GDPR roughly 10 months after it's introduction. 

Since the introduction of GDPR on 25th May 2018 we can conclude a few things.

- marketeers and sales hate it, as it imposes quite a few hurdles to "reach out and sell".

- the number of spray paint marketing emails has significantly dropped.

- the number of unsolicited cold calls has significantly dropped.

That was part of the GDPR intentions of the ruling in the first place, to protect the privacy right of individuals, so at least that part really shows GDPR in effect.

The entire legislation around it, remains complex, is not always very clear, but we can state with a fair degree of confidence, it made people much more aware and cautious. Perhaps that is the biggest win of all, making people/organisations aware that privacy matters, that your data = your data, and that anybody carrying YOUR DATA, better understand fully where, how, when, why and how much.

Looking at the number of reported complaints at the EU data protection authorities, we are almost at the mark of 100.000 filings.GDPR nr complaints

That number in itself is not massive, but it does represent a massive (and really underestimated) amount of workload for employees, DPO's, resulting in loss of productivity, distraction from their core business, additional communication with the authorities, possibly involvement of lawyers and extra unforeseen costs.

The penalty that recently has hit the news is staggering, the media reported a case in France against Google of 50 million EUR. Google can't be too happy with the EU watchdog and courts as the total of fines have now accumulated to 8.2 billion EUR all-in-all. 

What does not make the major news and headlines are the smaller fines that are handed out, the sports betting cafe for unlawful video surveillance, the social networking platform for not securing the users data. It starts to add up, the fines were small in the beginning but the numbers are on the rise. Starting with 5k EUR, 22kEUR, 400kEUR, recently moving up to millions. The smooth introduction or on-boarding period seems over.

Our analysis of EU publications show that the Netherlands was found to have reported the most breaches (15,400), followed by Germany (12,600), and the UK (10,600). The countries with the fewest reported breaches were Cyprus (35), Iceland (25), and Liechtenstein (15).

GDPR requires data controllers to report breaches within 72 hours of discovery. Once an individual contacts you around data privacy you have 30 days to satisfy the request, what data do you carry of that individual (and prove it and deliver it), explain why you have that data, erase it upon request. That is all fine and good after you have done all your data classification work, process description. In smaller more silo'ed applications is is much easier than for example in ERP systems like SAP®.

Avoid penalties? Ability to react within the 30 days? What can you with regards to GDPR in SAP®?   -  Read what we do to help you.

Pictures©: The European Data Protection Board

Enroll and receive updates!

Popular posts

We take privacy seriously! This is what happens to your data:

  • Data from forms and website-tracking can be saved for analysis.
  • Data can be evaluated for optimizing the website. This enables us to better understand what our visitors are interested in. We primarily use Hubspot for this tracking. You can find more information on this in our privacy policy linked at the bottom.
  • We do not share your data with third parties. In the context of events in which you want to participate it might be necessary to submit your data to contractors.
  • You have the right to have your personal data corrected, deleted or transfered to you at any time.
  • You can withdraw your consent to any sort of communication with us at any time.

More details about what we do and don't do with your personal data can be found in our privacy policy, or you can directly contact me by e-mail!

Felix Möckel
Data Protection Officer