The General Data Protection Regulation is a set of rules stemming from European regulation aimed at protecting natural persons in relation to the processing of their personal data and the free movement of such data across the European Union.
This regulation was born as a demand from many companies and sectors, such as the technology sector, which had to face 28 different legislations on the use and processing of personal data in order to offer their services in Europe.
It came into force on May 24, 2016, and was applied from May 25, 2018, marking today 5 years since its application. During these years, the following points were developed:
- Application of the Active Responsibility Principle
- Data protection by design and by default
- Reinforcement of the requirement for consent
Notable Facts
Although many companies implemented privacy policies during the two years that this law was under consideration, it wasn’t until the following five years that we truly witnessed its impact.
Thanks to the GDPR, one of the most striking events in 2019 was Google’s defeat at the CJEU, which was fined 50 million euros and was forced to reformulate its privacy clauses, being more transparent with the data it managed from its users.
In 2020, the European Commission noted that users from the European Union had increased their knowledge about their data protection by up to 71%, and that privacy had become a competitive quality for companies, one that consumers take into account for their activities and decision-making. This affected the GAFAM (Google, Amazon, Facebook, Apple, and Microsoft), raising questions about the legality of their data protection systems, having to change them within the European area and even affecting certain foreign laws.
In 2021, the figure of 5 billion euros in fines for GDPR infringements was surpassed, while in 2022, only in Spain nearly 23 million euros in fines were imposed on internet service companies with fraudulent, outdated, or insufficiently transparent data protection clauses.
Inprosec and the GDPR
Since the enactment of this regulation, at Inprosec we have successfully carried out more than 100 GDPR application projects, making Inprosec a reference in Galicia in the implementation of GDPR helping our clients comply with the law to keep their users’ data safe.
During the experience of these 100+ projects, we have been able to assist our clients in various ways such as:
- Implementation of the GDPR
- Resolution of doubts
- GDPR training for employees and executives.
- GDPR audits
- GDPR support
- Custom related projects
The results have been more than satisfactory; in 2021, more than 40% of our clients would recommend our services with a 9 or 10 in GDPR services. This result was greatly exceeded in 2022, where up to 75% of our clients would recommend us to a friend.
Inprosec – Adenda Collaboration Agreement
Following the success achieved in recent years, we have decided to give a new dimension to the treatment we give to the GDPR at Inprosec. Therefore, we have signed a partnership agreement with Diego Estévez García from Adenda.
The collaboration with Adenda dates back to before the enactment of the new GDPR regulation, hence, after years of collaboration and working together, we have decided to take a step further and formalize an agreement where our GDPR services will be led by this renowned legal boutique led by lawyers.
Its director, Diego Estévez, holds a certificate from ISMS FORUM and the Data Privacy Institute as a Data Privacy Professional since 2018, bringing an added guarantee and professionalism. He is also a member of the main Associations in the Data Protection sector, where he attends continuous training and shares concerns and common problems. Lastly, he is part of the Catalog of Companies and Cybersecurity Solutions of INCIBE (NATIONAL INSTITUTE OF CYBERSECURITY), as well as the ciber.GAL NODO.