Good intentions aside, the GPDR introduced 150-plus pages of complex regulations that fell short when it came to practical guidance on how to implement them.
Over the course of three transatlantic dialogues on the topic of data protection, eco – Association of the Internet Industry and the US-based Internet Infrastructure Coalition (i2Coalition) pointed to the learning that the US could gain from the GDPR. At the last of the dialogues held in Washington, eco Chair Oliver Süme eco summed this up nicely: “While the GDPR represents a milestone and the most significant achievement in digital policy in the last 20 years, it nevertheless is also not without imperfections.”
Based on experiences relayed through members of our associations on both sides of the Atlantic, eco and the i2Coalition have now released a joint document, entitled “7 Lessons in Data Regulation Learned from GDPR”. This has been prepared so that US legislators, among others, can learn from what happened in Europe as they approach drafting new privacy frameworks.
Some recommendations include:
- Rather than a one-size-fits-all approach, have different regulations based on the size and nature of the companies involved.
- Treat the exchange of data within a single corporate group as a single entity rather than as separate units.
- Provide assistance and process templates so that companies know how to implement regulations.
As jurisdictions revise existing data laws and create new ones, the rollout of the GDPR provides some guidance on what worked and what didn’t. You can read the full report for more lessons and detail on how the GDPR might have been otherwise implemented – while still achieving the same underlying goals.