5 Years on from GDPR

Today marks five years since the General Data Protection Regulation (GDPR) came into effect, revolutionizing the way we handle data. As we commemorate this milestone, we want to share 10 key learning points that have emerged since GDPR’s implementation. We also invite you to reflect on your own experiences by asking open-ended questions that delve into your data protection journey.

Ten Considerations under GDPR

  1. Transparency Matters: Are you aware of how your data is being collected, used, and stored?
  2. Consent is Crucial: Where consent is required, have you ensured explicit consent for processing personal data?
  3. Data Minimization is Key: Are you collecting only the necessary data for your business purposes?
  4. Accountability Is Non-Negotiable: Have you appointed a Data Protection Officer (DPO) or taken necessary steps to ensure accountability?
  5. Security is a Priority: Have you implemented appropriate technical and organizational measures to protect data?
  6. Breach Readiness is Essential: Are you prepared to handle data breaches promptly and effectively?
  7. Privacy Policy Notices Are Informative: Are your privacy notices clear, concise, and easily accessible?
  8. International Data Transfers Require Caution: Do you have appropriate safeguards in place for transferring data internationally?
  9. User Rights Are Empowering: Are you facilitating the exercise of data subjects’ rights, such as access, rectification, and erasure?
  10. Regular Reviews are Essential: Have you conducted periodic assessments and audits to ensure compliance with GDPR?

We are at an interesting time in the world of Data Privacy & Protection, with upcoming privacy and data laws and regulations, such as the Data Protection and Digital Information Bill.

We would love to hear your insights and experiences on these topics, and how you have been preparing for updates and changes? Share your thoughts with us, and together, let’s continue our commitment to data protection excellence. And here’s to another five years of robust data protection!

And? Learn how our comprehensive DPO service can safeguard your business, ensure GDPR compliance, and provide you with the peace of mind.


Lynsey Hanson DPO

Lynsey Hanson | Data Protection Officer



GDPR turns 5 – what have we learned so far?

It has been almost 5 years since the General Data Protection Regulation (GDPR) came into effect in the UK in May 2018.

GDPR turns 05

Key developments and trends that emerged following the introduction of GDPR

  1. Brexit: UK businesses are now subject to the UKGDPR, which largely mirrors the EUGDPR. 
  2. GDPR has resulted in high-profile fines for non-compliance, including a $50 million fine for Google and a $746 million fine against Amazon.   
  3. Some businesses are required to appoint a Data Protection Officer under GDPR.  
  4. Other jurisdictions, such as Brazil, California, and China, have now adopted similar data protection regulations.   
  5. GDPR has increased litigation activity related to data protection.   
  6. The European Data Protection Board was established to oversee GDPR implementation across the EU.  
  7. GDPR imposes restrictions on the transfer of personal data without an adequacy decision.   
  8. The International Data Transfer Agreement replaced Standard Contractual Clauses (SCC’s) used as a Data Transfer safeguard.   
  9. GDPR has led to increased use of data protection tools, such as encryption and pseudonymization.  

How to comply  

  • Review and update your privacy policies and procedures to ensure they comply with GDPR requirements.  
  • Implement appropriate technical and organizational measures to protect personal data.   
  • Appoint a DPO if required under GDPR.  
  • Train staff on GDPR compliance and ensure they are aware of their obligations.  
  • Conduct regular assessments of their compliance to GDPR.  
  • Notify individuals and authorities of any data breaches as required by GDPR.   

TenIntelligence is a leading influence in the due diligence, fraud investigation, brand protection, and cyber security community. Reach out for Virtual Data Protection Officer (DPO) services that ensure your compliance.


Lynsey Hanson

Written by

Lynsey Hanson | Data Protection Officer