Bitcoin Forum

Bitcoin => Legal => Topic started by: Baofeng on September 15, 2019, 07:39:25 AM



Title: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: Baofeng on September 15, 2019, 07:39:25 AM
More than a year after GDPR implementation, half of UK businesses are not fully compliant

Quote
52% of UK businesses are not fully compliant with the regulation, more than a year after its implementation, according to a survey of UK GDPR decision-makers conducted on behalf of Egress.

“The wait of more than a year between implementation and the first action taken by the ICO under GDPR seemed to lead to a perception outside the security industry that the regulation was ‘all bark and no bite’.

https://www.helpnetsecurity.com/2019/09/12/uk-businesses-gdpr-compliance/

What's your thought on this one? I was under the impression that everyone will comply swiftly with GDPR. I'm not sure though if exchanges have complied or not. So I guess it will take more years before we can see everything that relates to crypto being compliant. Or maybe there are individuals who requested their identity to be erased, but we don't have any data about it as exchanges are not releasing any.


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: joelsamuya on September 15, 2019, 03:42:02 PM

Are there clear and easy-to-understand penalties that businesses can incur if they are not yet fully compliant with the famous GDPR? Well, I guess that compliance is not an easy thing to do especially and maybe there is a need for more time and concessions especially with those in the MSMEs category. With the issue of privacy and data protection getting hotter, changes are really necessary and we just hope that in the end GDPR is that catalyst for this goal.


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: Harlot on September 15, 2019, 07:20:25 PM
Maybe the lack of enforcement is the one to blame here? That's the funny thing about European countries where they always strive for regulations and laws to control and regulate cryptocurrencies: it's either repeated statements or, if it happens, you won't see any kind of enforcement going on, unlike the United States where all departments involved make it known that there are laws in place to follow. If they are really concerned about data protection they must really enforce it in their own way, not only create regulations about it. Aside from that they must make people aware about the regulations they have aside from enforcing it, this will prove much faster and see that the rate of compliance will go up immediately.


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: Kemarit on September 15, 2019, 10:45:00 PM
Quote
Maybe the lack of enforcement is the one to blame here?

Yeah, probably this one; maybe the regulatory body was too lax on the implementation and perhaps there was no enforcement, that's why a lot of companies are not fully compliant after a year. And besides, this should be an on-going effort as well, not just to target some date and then after that, no update whatsoever, especially in the very evolving world of crypto space. So it's going to be a daunting task here, you comply then something in the future will come up and make amendments on the rule. So this is going to be a never-ending privacy debate.


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: gentlemand on September 16, 2019, 03:14:43 PM
Quote
Maybe the lack of enforcement is the one to blame here? That's the funny thing about European countries where they always strive for regulations and laws to control and regulate cryptocurrencies: it's either repeated statements or, if it happens, you won't see any kind of enforcement going on

The other funny thing is that despite its ongoing dislike of the EU the UK is vastly more diligent in enforcing their regulations than most other countries. I'd like to see what the stats are for elsewhere in Europe. I expect them to be way worse overall.


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: Harlot on September 16, 2019, 06:17:25 PM
Quote
Maybe the lack of enforcement is the one to blame here? That's the funny thing about European countries where they always strive for regulations and laws to control and regulate cryptocurrencies: it's either repeated statements or, if it happens, you won't see any kind of enforcement going on

Quote
The other funny thing is that despite its ongoing dislike of the EU the UK is vastly more diligent in enforcing their regulations than most other countries. I'd like to see what the stats are for elsewhere in Europe. I expect them to be way worse overall.

Based on the news I see, the United Kingdom is entirely different when it comes to crypto regulation; with the upcoming Brexit they have, I think that they are preparing for it in all aspects that will affect their economy, which includes cryptocurrencies, and they are very active about it. Other than the UK you might just have the small nations like Malta and Liechtenstein being active overall in their crypto industry. If EU countries really want to make a change in their crypto industry they must put in work with the words they are saying, not just threats and plans.



Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: LeGaulois on September 16, 2019, 09:01:37 PM
..

Yes, and it is well defined. I don't know if it's the same in all EU countries but in mine, the company can be fined up to 20 million € or 4% of its annual revenue (worldwide). There are usually several levels in the sanctions.

(Edit: I found it, check out the fines for non-compliance https://eugdprcompliant.com/fines-for-non-compliance/)

Most companies have difficulty being compliant and some are very late. I'm not necessarily talking about crypto companies, which makes the problem even more difficult if they use a blockchain; it's too ambiguous with the "right to forget" part.
Almost 60,000 Post-GDPR Data Breaches Reported in Europe (https://digitalguardian.com/blog/almost-60000-post-gdpr-data-breaches-reported-europe). It's easy to understand that GDPR is far from being implemented correctly and everywhere. It's only a year since it started, I believe companies are still in a transition period.

And here are a few examples I'm talking about

British Airways faces record $230 million GDPR fine over data breach https://venturebeat.com/2019/07/08/british-airways-faces-record-230-million-gdpr-fine-over-data-breach/

Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/intention-to-fine-marriott-international-inc-more-than-99-million-under-gdpr-for-data-breach/

Facebook fined 1.2 million euros by Spanish data watchdog https://www.reuters.com/article/us-facebook-spain-fine/facebook-fined-1-2-million-euros-by-spanish-data-watchdog-idUSKCN1BM1OU


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: Theb on September 17, 2019, 06:53:08 PM
~snip~

It's a good thing to see that big companies are being penalized for data breaches happening in Europe, but how about the small ones who barely go up in their radar? I know that big companies like Facebook are getting more compliant now when it comes to data privacy, especially if they want their Libra to be fully welcomed in Europe, and data breaches made by them are kept minimal unlike the ones who aren't complying at all. If the European Union really wants to change at all I do think they also need to start hunting the smaller fishes existing in the EU if news about bigger fishes getting caught don't change their ways of data privacy. Hunting them down one by one will just make them see that they are serious in enforcing the regulation in all corners.


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: audaciousbeing on September 18, 2019, 12:56:00 PM
Quote
More than a year after GDPR implementation, half of UK businesses are not fully compliant

Quote
52% of UK businesses are not fully compliant with the regulation, more than a year after its implementation, according to a survey of UK GDPR decision-makers conducted on behalf of Egress.

“The wait of more than a year between implementation and the first action taken by the ICO under GDPR seemed to lead to a perception outside the security industry that the regulation was ‘all bark and no bite’.

https://www.helpnetsecurity.com/2019/09/12/uk-businesses-gdpr-compliance/

What's your thought on this one? I was under the impression that everyone will comply swiftly with GDPR. I'm not sure though if exchanges have complied or not. So I guess it will take more years before we can see everything that relates to crypto being compliant. Or maybe there are individuals who requested their identity to be erased, but we don't have any data about it as exchanges are not releasing any.

When regulations are made, it does not translate to adoption and the reason is simple: the people making the decision on which path to follow are not involved in the implementation. They usually think it should be a simple thing to do until when it's time for implementation before they start seeing the lapses and the practicability, and most time would even test the brain behind the policy in the first place.

Just like rolling out a software to the operations of a Company, while the top management have just made a decision based on presentations of slides for them, they just decide we are adopting. It's when it gets to implementation and how it's going to be used on a daily basis, they would realize it's not as simple as it is. For UK to even have 48% compliance rate is something to be celebrated about because it shows it's a system that works and it's achievable, which I know with the necessary support and push the figure could be better.


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: 1Referee on September 19, 2019, 09:58:53 AM
Quote
If the European Union really wants to change at all I do think they also need to start hunting the smaller fishes existing in the EU if news about bigger fishes getting caught don't change their ways of data privacy. Hunting them down one by one will just make them see that they are serious in enforcing the regulation in all corners.

It pretty much comes down to how much money there is to gain by chasing after businesses. It requires so much time and manpower to dig through the tens of thousands of smaller fishes, that it is a horrible allocation of their resources. The easiest targets will always be the largest businesses because of how severe the consequences are of negligence in the privacy field.

Another thing that contributes to negligence is that the larger the businesses are, the more important their profit margins become, which they expect to see increase year after year to please shareholders. Complying with these regulations is quite a bitter pill to swallow financially, hence the reason they try to delay it for as long as possible.

If every business was following the rules, the governments wouldn't be able to profit from it. They're perfectly fine with how things are. The same applies to banks fucking up. It means hundreds of millions in extra income they wouldn't have if the banks weren't breaking any laws. Business is business at the end of the day.


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: buwaytress on September 23, 2019, 03:13:14 PM
As LeGaulois pointed out, once the fines get underway, then people will move their asses.

I can't say for all jurisdictions, but the impression I understand from my partner, who works with helping people get compliant, is that as long as efforts are made, and when these enforcement officers check, your company can prove that it is making efforts to be compliant, you're likely not to get fined. The repercussion is for those who blatantly ignore GDPR or are not doing enough.

It's actually almost the same in most other types of compliance, really.


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: magneto on September 30, 2019, 01:45:28 PM
Quote
What's your thought on this one? I was under the impression that everyone will comply swiftly with GDPR. I'm not sure though if exchanges have complied or not. So I guess it will take more years before we can see everything that relates to crypto being compliant. Or maybe there are individuals who requested their identity to be erased, but we don't have any data about it as exchanges are not releasing any.

The majority of big exchanges I think have started their conversion to comply long ago. It's probably the small firms that will struggle because the compliance costs will constitute a larger amount of their working capital, which is a pain in the butt for everyone involved.

This is the case with all regulation, not just GDPR.

Adoption rates should continue to increase, but the rate at which that occurs will be determined by the levels of sanctions imposed by the government.


Title: Re: More than a year after GDPR implementation, half of UK businesses are not fully
Post by: nrnahid on October 04, 2019, 05:25:33 PM
Yeah, probably this one; maybe the regulatory body was too lax on the implementation and perhaps there was no enforcement, that's why a lot of companies are not fully compliant after a year. And besides, this should be an on-going effort as well, not just to target some date and then after that, no update whatsoever, especially in the very evolving world of crypto space.
So it's going to be a daunting task here, you comply then something in the future will come up and make amendments on the rule. So this is going to be a never-ending privacy debate.