GDPR turns 5 – what have we learned so far?

GDPR turns 5 – what have we learned so far?

It has been almost 5 years since the General Data Protection Regulation (GDPR) came into effect in the UK in May 2018.

GDPR turns 05

Key developments and trends that emerged following the introduction of GDPR

  1. Brexit: UK businesses are now subject to the UKGDPR, which largely mirrors the EUGDPR. 
  2. GDPR has resulted in high-profile fines for non-compliance, including a $50 million fine for Google and a $746 million fine against Amazon.   
  3. Some businesses are required to appoint a Data Protection Officer under GDPR.  
  4. Other jurisdictions, such as Brazil, California, and China, have now adopted similar data protection regulations.   
  5. GDPR has increased litigation activity related to data protection.   
  6. The European Data Protection Board was established to oversee GDPR implementation across the EU.  
  7. GDPR imposes restrictions on the transfer of personal data without an adequacy decision.   
  8. The International Data Transfer Agreement replaced Standard Contractual Clauses (SCC’s) used as a Data Transfer safeguard.   
  9. GDPR has led to increased use of data protection tools, such as encryption and pseudonymization.  

How to comply  

  • Review and update your privacy policies and procedures to ensure they comply with GDPR requirements.  
  • Implement appropriate technical and organizational measures to protect personal data.   
  • Appoint a DPO if required under GDPR.  
  • Train staff on GDPR compliance and ensure they are aware of their obligations.  
  • Conduct regular assessments of their compliance to GDPR.  
  • Notify individuals and authorities of any data breaches as required by GDPR.   

TenIntelligence is a leading influence in the due diligence, fraud investigation, brand protection, and cyber security community. Reach out for Virtual Data Protection Officer (DPO) services that ensure your compliance.


Lynsey Hanson

Written by

Lynsey Hanson | Data Protection Officer