This article, written by Dr Roselyn Borg and Mr Angelito Sciberras, was first published in the 10th annual Business Leaders Annual Conference’s magazine.

Dear GDPR,

Before you were born, you already attained a lot of attention. Now you have been in this world for just over one year and your day is marked as a catalyst in privacy and information rights. You have had a global impact on organizations as well as individuals. You have brought new and enhanced privacy and security obligations for organizations around the globe, including U.S.-based companies where despite not being part of the EU,  compliance with those obligations is mandatory. Liability for organisations arises if they do not comply with the obligations imposed by you.

Why did you scare so many people? Because you could cost their organizations a lot of money. Because of you, the EU’s National Supervisory Authorities have the possibility to issue fines, up to a maximum of 4% of the annual worldwide turnover or €20 million , whichever is higher.

Your wider scope and your potential fines resulted in a lot of stress for companies doing business in the EU, especially organizations that are based in countries like the US, which traditionally have not protected personal data in the same way as in the EU.

You introduced an obligation to report data breaches to the Supervisory Authorities and in some circumstances to the individuals affected. Eight months after your birth, the European Commission stated that approximately 41,000 data breach notifications were received by the Data Protection Authorities.

Before your birth, there was much speculation as to how Data Protection Authorities would enforce your provisions. GDPR, all your parents (DPAs) have taken good care of you. National Data Protection Authorities (DPAs) across the EU have received 144, 376 complaints from citizens since 2018. They have levied a total of €56 million in fines across the EU.  255 investigations are ongoing by DPAs of cross-border GDPR violations.

In 2018, you received a lot of attention to the extent that even some celebrities had to stand in your shadow. During the peak month of May 2018, you were searched more on Google than American superstars Beyoncé and Kim Kardashian.

All of this is certainly not what we expected when you were born, GDPR.

Dear GDPR, you are like all children, full of surprises! Happy birthday to you!