01.09.2018

100 Days of the GDPR and Many Open Questions

  • Supervisory authorities in Germany and Europe are holding back about their expectations and requirements for audits
  • Digital European single market needs uniform implementation of the GDPR

On 1st September, it will be 100 days since the European GDPR (General Data Protection Regulation) came into force and the email inboxes were full to bursting with data protection updates and requests for consent. This was how most companies in Germany made themselves fit for the GDPR. “The majority of companies today are acting in legal compliance with the new European data protection regulations,” says Alexander Rabe, CEO of eco –Association of the Internet Industry.

However, while companies may have done their homework, there is still much left for supervisory authorities and courts to do. The uniform implementation in Germany that industry is repeatedly looking for is not yet on the right track. “When it comes to some open questions in the interpretation of the GDPR, the courts are certainly going to have to decide. But this should not prevent the supervisory authorities from presenting their expectations and requirements for audits,” states Alexander Rabe.

Is Europe serious about uniform data protection?

It is particularly important to arrive at uniform regulations throughout Europe. “It is important – both at European level, and at national level in the individual Member States – to strive for the most uniform implementation of the GDPR possible. Everything else would conflict with the spirit of a digital European single market aimed at strengthening the industry as a whole,” comments Rabe. A swift and coherent arrangement for third countries is also important.

Ongoing discussions, for example about the EU-US Privacy Shield, are contributing to the uncertainty. The ePrivacy Regulation is another piece of legislation being deliberated upon in Brussels that may impose far-reaching changes to data protection and data protection requirements on digital businesses and business models, and which may even significantly reduce the quality of services. “The Council’s negotiations and the subsequent trilogue negotiations will show whether Europe is serious about uniform data protection. However, the drafts submitted so far for the ePrivacy regulation give us reason to doubt this,” says Alexander Rabe.