The convergence of GDPR and other data privacy regulation with evolving technology – 5G networks, IoT, AI, the cloud – will further challenge businesses’ ability to foster technology innovation, protect privacy and maintain compliance.

This is the warning of risk advisers at Marsh, on the first anniversary of the introduction of the EU General Data Protection Regulation.

In the first nine months the GDPR was in effect, regulators brought more than 200,000 cases in 31 countries and issued nearly €56m in fines. Marsh says the diversity of monetary fines and enforcement actions demonstrate the GDPR’s broad scope.

Thousands of GDPR actions are currently pending, and, moving forward, the risk adviser expects the EU to take an active approach to AI’s consumption and processing of personal data, especially when it distinguishes individuals based on race, gender, political beliefs, or other sensitive categories, and even where the consequences are unintentional.

It appears that the GDPR has also spurred regulatory momentum in many other regions, including the US, and leading towards greater data localisation; many large technology companies have discovered that transferring large amounts of data outside the EU runs the risk of non-compliance. Marsh says that another consequence is that many new regulatory standards are not uniform, and companies may struggle to comply where privacy regimes conflict. Ultimately, companies may incur substantial costs in order to bring their data use practices into compliance.

Share Story: