As it Nears its First Anniversary, the GDPR Gets Predictably Varied Reviews
Later this month, the EU’s General Data Protection Regulation (GDPR) will mark its one-year anniversary, and multiple news outlets are chiming in with commentary on the impact of the landmark law.
Legaltechnews, for instance, reports on an IAPP Global Privacy Summit session in which a European data protection official and others reviewed the law’s first year and forecasted what might come next.
Among her comments, Andrea Jelinek, the European Data Protection Board chair and Austrian Data Protection Authority director, noted how the law’s implementation didn’t halt the international interest in data privacy but seemed to heighten it, especially in the United States.
Jelinek voiced hope for a strong U.S. data protection law because of the breadth of impact that privacy scandals have had on American citizens. She suggested the United States establish an “enforcer to be taken seriously” by those who might infringe on any privacy rules. (The article goes on to say the U.S. Federal Trade Commission has only 40 staffers.)
Forbes.com this week published an article by Julian Vigo on how the tech culture and internet use have been affected by the GDPR. She writes that in addition to codifying data privacy laws across the EU, “a secondary ethos of the GDPR was to redress the imbalance of power between big tech and consumers, forcing big tech companies to be accountable for how they use data.”
The article stresses that many people and organizations “are still not clear about what the limits of GDPR compliance [are], what this means for their businesses and even how this has affected the larger tech culture where keywords like ‘consent’ and ‘transparency’ and ‘accountability’ are still largely just vague terms without a solid reference for most.”
Writer Vigo concludes her piece with what she sees as a bit of comical irony: “Almost a year into GDPR and the UK’s own Information Commissioner’s Office (ICO) staff haven’t been handed a GDPR privacy notice which is both comic and indicative of the very complexities that the GDPR has impacted upon European tech culture.”
An Allen Bernard piece on SCMagazine.com goes deeply and quite thoughtfully into an evaluation of the GDPR “experiment.” Bernard speaks with several expert sources who give analysis on just about every angle of the law.
“The way companies are reacting varies depending on their exposure,” Bernard writes. He stresses that many are waiting to see how the GDPR fares in the courts; legal decisions could help them determine if the cost of complying is greater than the potential cost of sanctions.
Among its many key points, the article emphasizes that more laws are coming, citing the California privacy act and the possibility of a national U.S. law.
Bernard and a data privacy executive with Deloitte also discuss the four GDPR provisions that are problematic for many companies: right to erasure, right of access, right to data portability, and 72-hour notification. Bernard takes his readers through the numerous challenges and uncertainties that are inherent in such uniform data privacy laws, but the readers are left with an optimistic note – that by complying with such laws, organizations are getting their information houses in order, which is a benefit across the board. Bernard writes: “The upsides to these efforts are many: a clear understanding where data resides, standardized privacy practices and awareness training across the company, and an enhanced reputation for integrity in the market.”
Download the PDF version of this article.
The PDF and print editions (2019, Volume 2, April-June) which include this article will be released in early July 2019.
About the Author
- Compliance2019.05.22IG Exec Has Learned From Failures, Says IG Success Requires C-Suite Presence
- Cloud2019.05.15Judge’s Ruling May Provide Clues to the Outcome of Employee’s ‘Dropbox’ Privacy Suit
- Compliance2019.05.08As it Nears its First Anniversary, the GDPR Gets Predictably Varied Reviews
- Archiving2019.04.23Mapping Document Management Processes (Leveraging an Information Lifecycle)