GDPR One Year Later: How Has it Impacted Privacy?

Last month, GDPR, or the General Data Protection Regulation in the European Union, celebrated its first anniversary. So how are we doing one year later? There are many outcomes that can be attributed to the regulation, some that have improved privacy and some that haven’t had much of an effect. Let’s take a look at some of the developments and highlights of the past year and their impact on privacy:

1. The US is closely monitoring the regulation. In fact, California’s Consumer Protection Act goes into effect Jan. 1, 2020, and several other U.S. states are expected to follow suit next year. CCPA makes nationwide organizations protect California residents’ personal data, and subsequent laws will do the same for other jurisdictions. Currently, 52% of US consumers say that data privacy is very important to them.

2. In the European Union, regulators have already brought more than 200,000 cases in 31 countries and issued nearly €56 million in fines.

3. Emphasis on privacy is influencing some of the biggest names in tech. At its recent annual developers’ conference, Apple Inc tried to position itself as the security and privacy company. Privacy even took center stage away from Apple’s flagship product, the iPhone.

4. Many companies have spent millions of dollars on compliance but are unfortunately only doing the minimum that they have to do.

As we consider these four points, the real question is whether it is truly possible to be compliant or whether the regulation is just another way to tax companies and prevent competition.  Just the other week, there was an article in the WSJ about apps that collect personal information and send it to Facebook and other companies, even if users have no accounts with said companies.  It is a fascinating study on just how difficult privacy is these days.  I do believe that no matter the regulations, the only effective way to mandate privacy is for the average consumer to care enough to vote not to use applications and platforms.  Until that happens, the incentives or the punishments are really not sufficient to create a true environment of privacy.  

This was brought home to me the other day when a doctor’s office asked me to send them a copy of my test results.  The office is, of course, HIPAA compliant and they emphasized that they only accept a fax. I can of course NEVER email the item; however, I noticed their faxes do go to their email boxes, so I am not sure why it makes any difference in terms of my privacy. 

While regulations offer a solution, so long as the business of selling data is profitable well beyond the fines, there is really no hope of that practice going away. A recent WSJ article about Square, which has treasure troves of information about consumer spending and buying habits, examined how receipts are sent to the wrong email addresses. I think an interesting highlight is that Square makes money by collecting the demographic information and selling access to it for marketing purposes. This is a real business that raises corporate earnings and allows the devices to be less expensive for the average consumer. Square is not an isolated example: As long as collecting and selling access to consumer data remains one of the most profitable parts of a business, regulations’ impact will remain limited.

With regulations like GDPR and CCPA, it of course makes sense for businesses to use secure communications apps like Vaporstream, where destroying the key from one location wipes out the information forever in every location. Vaporstream is one of the few foolproof methods to ‘forget’ at least some aspects of the information an organization might be required to forget.

Contributor: Galina Datskovsky

*** This is a Security Bloggers Network syndicated blog from Vaporstream authored by Galina Datskovsky.