The first days after GDPR entered into force were full of action. They were used by many consumer rights advocates and also by individuals to file a ton of complaints against huge data processors like Google and Facebook.
European supervisory authorities were basically overwhelmed with complaints and they took time to resolve. Some major fines were imposed on Apple, Google, Amazon and other big companies. The initial approach of authorities towards small and medium enterprises have so far been to give mandatory prescriptions and to avoid sanctions at least initially.
The main guidelines provided by the European Commission and local authorities in the EU focused on the consent receival from data subjects under the GDPR. This was the most discussed topic – how exactly does a business acquire consent to process personal data and when is this consent necessary. A major issue was also the use of personal data for profiling and direct marketing. Most fines for huge data processors were imposed due to some form of violation of the rules regarding these topics (i.e. Google Adds algorithms for profiling).
Want to learn more about data protection regulation in Singapore? Check out these useful articles:
- What is GDPR?
- How Does the GDPR Compare To the Singapore PDPA?
- How to Apply GDPR in Your Business in Singapore?
- How Did the Different Companies in the EU Implement the New Data Protection Regulation?
- How Did the GDPR Compliance Evolved Since May 2019?
- How Will the Data Protection Rules Evolve in The Near Future?
- Personal Data Protection Act (PDPA) Part 1
- Personal Data Protection Act (PDPA) Article 1B
- Amendments to the Data Privacy Laws (Personal Data Protection Act 2012) in Singapore