11 May, 2023

The General Data Protection Regulation (GDPR) was implemented on May 25, 2018, and its first five years have seen significant changes in the way companies handle personal data.

One of the most notable aspects of the GDPR’s first five years has been the increased awareness around data protection. Companies and individuals alike are now more conscious of the risks of data breaches and the importance of protecting personal information. The GDPR has also forced companies to become more transparent about their data processing practices and has given individuals more control over their personal data.

The GDPR has also brought about significant changes in the way companies handle data breaches. Companies are now required to report data breaches to the relevant authorities within 72 hours of discovery. This has resulted in increased accountability and transparency, as well as faster response times to data breaches.

One of the most significant challenges of the GDPR’s first five years has been its enforcement. While the GDPR has the potential to levy significant fines on non-compliant companies, many companies have been slow to implement the necessary changes to comply with the regulation. As a result, enforcement has been slow and uneven.

However, there have been some notable examples of GDPR enforcement over the past five years, including some cases in Malta. So far, the highest fine in the EU was imposed by the Luxembourg National Commission for Data Protection (CNPD) on Amazon for non-compliance with the general data processing principles. In 2021, Amazon was fined €746 million. In Malta, the highest fine to date, according to the Information and Data Protection Commissioner’s website, was €250,000. The unknown controller infringed principles of security regarding personal data of data subjects and failed to implement appropriate technical and organisational measures.

Overall, the first five years of the GDPR have been marked by increased awareness around data protection, greater transparency and accountability, and increased enforcement. While there have been some challenges, the GDPR has been a significant step forward in protecting the privacy and personal data of individuals. It will be important to continue to monitor and improve the regulation to ensure that it remains effective in the face of evolving technology and new threats to data privacy.

As we move forward, it is all the more important for businesses to review their compliance at regular intervals.