The GDPR compliance deadline has now passed. Bells did not ring. No confetti dropped. No parades celebrated the day. People who don’t work in privacy might even be forgiven for having no idea that anything important happened on May 25.
Yet, important things have indeed happened.
There will certainly be many who look ahead to this new era of data protection and privacy. These predictions of the future offer us important perspective. There is much that is still unknown under GDPR, with advisory opinions, court decisions, and (perhaps most importantly) enforcement actions yet to come. We need the collective wisdom of our profession to see the path ahead and keep us pointed in the right direction.
Today can also serve, however, as a day to look back on the work that has led to this moment and the changes that have occurred as a result of GDPR. In the middle of our efforts to prepare for this regulation, it has been too easy to lose sight of the massive evolution (revolution!) in the privacy field. So, let’s take a look back over the past few years and reflect on the significant changes that have occurred.
Here at the IAPP, we have felt change most notably in our growth. Just two weeks before the GDPR deadline, we surpassed 40,000 members in over 100 countries around the world. At the start of 2018, we had 35,000 members. At the start of 2017, we had 25,000 members. We have been adding over 1,000 members a month this year, and our pace continues unabated. Our membership growth has certainly been directly tied to the preparations for GDPR.
Now, you might think that all those new members are data protection officers (DPOs), a role mandated for many organizations under GDPR. The IAPP has conducted research that showed a need for 75,000 DPOs in the private sector around the world under this requirement. However, we know from looking at our data that our new members are coming to us from across the enterprise — engineers, marketing professionals, HR managers and information security pros are all joining the IAPP. This suggests that our field has broken the boundaries around the privacy department and extended across organizations. In other words, the GDPR has made privacy an enterprise-wide concern.
This dynamic has emerged in other ways as well. In research on the institutional response to GDPR, the IAPP found that the global FORTUNE 500 will be spending in excess of $7 billion. These expenditures were not just in legal and compliance functions, however. Much of that GDPR spend was associated with IT upgrades to ensure functionality that enabled new GDPR requirements could be met. Our data makes clear that the GDPR has changed the architecture of IT around the world.
We saw other IT developments as well. Most notably, our field has seen the rapid rise of privacy technology solutions to help organizations manage their obligations under GDPR. Anyone who has attended the Summit in the past few years has certainly seen the explosion of vendors on our show floors. The IAPP responded to this growth by creating the 落地玻璃上的反光+雨幕 Reflection +rain curtain on the windows #上海 #shanghai #shanghaicity #rain #umbrella #onlyiphone #phonepic via photopin