Implementing the General Data Protection
Regulation (GDPR) has been harder for companies than initially
thought in spite of it being widely acknowledged as one of the
most wide-ranging changes to data protection ever.
"The exponential increase in individual
requests for accessing data and deleting data has caught many
organisations by surprise," said Eduardo Ustaran, partner at
While this may please regulators for
showing that individuals are seeking to enforce their rights
under the regulation, companies are also said to be
over-notifying them in the event of a data breach, resulting in
regulators being overwhelmed with work, as well as increasingly
the likelihood of companies being penalised heavily.
Uncertainty also surrounds the various categories of data
companies are expected to retain, and the various legal regimes
and limitation periods for the data they hold....