The EU’s executive arm is happy with the implementation of the General Data Protection Regulation (GDPR) so far, but hints that more needs to be done.
GDPR was implemented on May 28 2018. The laws set out to protect people’s private data. Now, one year later, the European Commission has delivered its verdict about how well the introduction and enforcement of GDPR have gone so far.
The official statement states that most states have implemented the regulations. However, three are still lagging behind: Greece, Portugal and Slovenia. These three have yet to update their national data protection laws to align with the rest of the EU. The European Commission warned that it will continue to monitor the implementation of the rules and “will not hesitate to use the tools at its disposal, including infringements, to make sure member states correctly transpose and apply the rules.”
That warning also goes for private actors. The European Commission noted that 516 cases had already been managed by the European Data Protection Board by June 2019. The European Commission suggested that the board should take a clear leadership role in the EU-wide data protection culture. It also hoped to see more cross-border co-operation between member states in the future.
Although EU citizens are becoming more knowledgeable about what rights they have under the new regulations, the European Commission noted that only 20 per cent of Europeans know which public authority is responsible for protecting their data, according to a Eurobarometer survey. In response, the European Commission is launching a new information campaign this summer.
The European Commission argued that businesses have been able to boost their security and to see privacy as a competitive advantage by complying to GDPR. Moving forward, the EU’s executive arm will continue to ensure compliance by offering businesses a GDPR toolbox. It will contain things like standard contractual clauses, codes of conduct and new certification mechanism.
Frans Timmermans, first vice-president of the European Commission, stated that the EU is striving to achieve the duel goal of protecting citizens’ data and to champion innovation. “Data is becoming an invaluable element for a booming digital economy and is playing an increasingly vital role in developing innovative systems and machine learning,” Timmermans continued. “It is essential for us to shape the global field for the development of the technological revolution and for its proper use in full respect of individual rights.”
Věra Jourová, commissioner for justice, consumers and gender equality added that GDPR has provided “Europeans with strong tools to address the challenges of digitalisation and puts them in control of their personal data.”
She added, “It gives businesses opportunities to make the most of the digital revolution, while ensuring people’s trust in it. Beyond Europe, it opens up possibilities for digital diplomacy to promote data flows based on high standards between countries that share EU values. But work needs to continue for the new data protection regime to become fully operational and effective.”
The European Commission’s verdict comes day after it was revealed that almost a third of the continent’s business fail to comply with GDPR. Having surveyed business leaders in 34 countries, tax and audit consultancy RSM revealed 30 per cent did not think they were complying with the data privacy rules.
Copyright © 2018 RegTech Analyst