2019 may well be remembered as the year GDPR got real.
To be sure, July alone has been hopping, with hundreds of millions in fines and settlements being doled out in both the US and UK for violation of the European Union-issued General Data Protection Regulation, which went into effect May 25, 2018.
"I think as of now it's clear that GDPR is not an empty suit," says Nader Henein, a senior director analyst at Gartner who focuses on data privacy. "I think the regulators really want to see companies handling personal information more carefully. A lot of organizations were sitting on the fence, but I think these fines are starting to have an impact. A lot of multinationals are paying more attention."
Yet fines can't do it alone, adds Matt Radolec, head of security architecture and incident response at Varonis. Real change, he says, must come from three sources: regulators, consumers raising complaints and questions, and security practitioners offering guidance.
"Let's build realistic security guidelines that are actionable and specific," Radolec says, pointing out that the Risk Management Framework (RMF) developed during the Obama years was very effective in raising awareness.
Here are six GDPR-related actions, in chronological order, that have turned heads during the first part of this year.