GDPR, What do we know so far

GDPR, What do we know so far

We might have had two years to prepare for the introduction of the new General Da ta Protection Rules (GDPR) but it seems every business left it to the last possible minute before bombarding us all with opt-in emails and if you’re anything like me you used the time as the perfect opportunity to cleanse your inbox.


GDPR, What do we know so far

We might have had two years to prepare for the introduction of the new General Data Protection Rules (GDPR) but it seems every business left it to the last possible minute before bombarding us all with opt-in emails and if you’re anything like me you used the time as the perfect opportunity to cleanse your inbox.

But then, just as you thought you’d overcome the barrage of emails, a second wave arrived. This time to tell you they’d changed their privacy policies and most people, understandably, hit delete and failed to take any notice.

So, what have we learnt about GDPR since its launch on Friday?

Many US news websites were unavailable to readers

Websites, including the Los Angeles Times and the Chicago Tribune were and still are blocked to al l readers based in Europe, due to what publishers Tronc and Lee Enterprises described as “technical compliance issues”.

The publishers, which is responsible for 46 daily newspapers across 21 states, posted the followi ng statement across all of the unavailable sites:

We are sorry. This site is temporarily unavailable. We recognise you are attempting to access this website from a country belonging to the European Economic Area (EEA) including t
he EU which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at this time." Chaos, and a lack of understanding of what GDPR actually entails.

According to the Daily Telegraph, many organisations have “felt confused and stressed” about GDPR, even after speaking to the Information Commissioners Office (ICO) who should have been the ones to put people’s mind at ease.

As a result, the Church of England believed their priests were no longer able to pray out loud in church for their parishioners, who have not given their consent.

A charity, who deliver meals on whiles to elderly and vulnerable people, including m any with dementia, were led to believe that they “needed to send a two-page letter to each client outlining the provisions of GDPR and asking permission to continue to hold their data.

Both of these issues have now been cl eared up – but it is worrying that despite so much being written about the changes so much confusion is still being felt.

Speaking to Radio 4’s Today programme on Friday, Elizabeth Denham, the Information Commissioner, reassured small businesses that they will not be punished for failing to be ready on time.

“Small businesses should not panic,” she said. “We are not looking for perfection. It is nonsense to think regulator will make an early example of small businesses.”

Whether this will ease people’s minds remains to be seen, complaints were filed within hours of the new rules being put in place. It took just a few hours before the first complaints were filed, with Facebook, Google, Instagram and WhatsApp all accused of forcing users to consent to targeted advertising to use the services.

The Privacy group, which is led by activist Max Schrems said people were no t being given a “free choice”.

“The GDPR explicitly allows any data processing that is strictly necessary for the service – but using the data additionally for advertisement or to sell it on needs the users’ fre e opt-in consent,” said in a statement.

“GDPR is very pragmatic on this point: whatever is really necessary for an app is legal without consent, the rest needs a free ‘yes’ or ‘no’ option.”

Max Schrems added: “Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases.”

  • Recent Articles
Author Details
Founder & CEO at Hedgehog Security

Peter has been in the Information Security world since 1999 and in IT in general since 1996. His work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. Peter is a proud father of twins and enjoys GT endurance racing on the weekends.

We would like to keep you informed about our services. Please tick the options below to receive occasional updates via

  • penetration testing steps
    Peter talks to FindMyUkCasino
  • Malware
    SB Tech Breach

    Last week saw SB Tech Breached by the hacking group Maze. It seems that every week the group are announcing more victims.  GameOn asked our CEO Peter Bassill, to give us some insight into the attack. The GameOn article is here.

  • Privacy
    Howto VPn

    In our “How to securely” series we asked our followers what tools they would like a simple guide on to help them stay secure online. There seemed to be a lot of confusion as to what a VPN is and why you should or should not use one. So we asked Peter to help.

  • WhatsApp
    How To Whatsapp Safely

    WhatsApp is among the fastest-growing instant messengers out there, and almost a social network in its own way. But if you are using it, there are some steps you should take to protect your security and privacy.

  • Morrisons Breach Update

    The UK’s highest court ruled that Morrisons can not be liable for a criminal act of a person seeking to harm their business. On April 1st, 2020, a panel of five justices unanimously ruled that Morrisons was not “vicariously liable”.

  • Remote Working Considerations

    With the current pandemic situation, we all need to be taking remote working considerations. While adjusting the work paradym, it is vital to keep a mind’s eye on the security and safety of the businesses information assets

  • Securing Zoom
    How To: Securing Zoom

    In this guide we are looking at how to go about securing zoom. Since the onset of the global pandemic, we have seen surge in “zoom bombing”. This is where people with malicious intent look for in-progress zoom meetings to join and cause trouble.

  • Software Security
    Dell EMC iDRAC memory corruption Vulnerability

    A critical vulnerabiltiy has been identified in Dell EMC iDRAC7, iDRAC8 and iDRAC9. Some unknown processing is affected by this issue. Manipulation with an unknown input can lead to stack based memory corruption.

  • Hiscox Sues for Failing to Disclose Data Breach

    On March 27th, Hiscox Insurance Company Inc. filed a complaint against law firm Warden Grier for concealing a data breach that occurred back in 2016.

  • Software Security
    Privilege escalation on Nginx Controller up to 3.1.x Controller API

    A critical vulnerability has been identified in Nginx Controller up to 3.1.x (web server,) affecting an unknown code block of the component Controller API.

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Scroll to Top