Six months on from its introduction, the GDPR has done much to shake up the way organisations collect, secure and use people’s personal data. However, while the ambitious legislation has succeeded in many of its original goals, there are other objectives which may be longer in the making.
On the positive side, the GDPR has certainly achieved its primary aim of harmonising data protection laws across the European Union. Similarly, it has also successfully overseen sweeping modernisation, brought data laws up to date, and made them fit for purpose.
However, the GDPR has yet to truly change the culture around data privacy and security. This is perhaps the greatest challenge, and it means overcoming the longstanding attitude that data protection is not a significant business risk nor a particularly important business priority – an attitude that has been ingrained over many years.