The GDPR came into force for businesses that operate in the European Union last week and it has proved to be a burdensome mess for many businesses.
Organisations were given until May 25 to make radical changes to how they store and process personal data. Failure to do so would result in fines of up to €20m or 4 per cent of global turnover, whichever is higher.
However, whilst businesses have been scrambling with the unprecedented legal changes, it has been revealed that the European Commission has published more than 700 records, including names, addresses, professions and even specific postcodes of its own citizens.
All the information is easily accessed and readily available on multiple EU websites, hidden in and amongst thousands of Excel spreadsheets that were uploaded by officials in European Commission departments.
Now if the EU were an ordinary organisation, be it Google, Facebook, a local coffee shop or a high street gym, this would be considered a significant breach of these new regulations.
However, the European Union will still not be found to be in violation of its own regulations because for “legal reasons” the rules do not come into effect for European Institutions until autumn this year. Whilst companies, both big and small, were hiring additional lawyers, frantically sending emails and going through their data to ensure they were compliant, the European Union has been able to sit back and relax for an additional three months.
Steve Gailey, security expert at Exabeam, which offers enterprise-level database security products, has said that the exposure is “embarrassing for the EU, coming hot on the heels of GDPR.”
It now seems that there is one set of rules for Brussels and one set of rules for everyone else.
Within hours of the new law coming into effect, chaos took hold, with a number of websites taken offline and accusations that Facebook and Google had already breached the regulations.
One cannot help but ask what would happen to these organisations if such Excel spreadsheets were discovered within them. The European Union has been only too happy to inflict punishment on all forms of organisations that hold data, but it is unable to hold a mirror up to itself.
This is just another example of the fact that the EU is only too keen to impose itself upon the lives of everyday people and business owners but is not willing to abide by its own rules. The EU must wake up to itself and realise such double standards are wholly unfair and must be addressed immediately.