The General Data Protection Regulation (GDPR) has been in force since 25 May 2018. Under the law, the EU Commission is obliged to submit an initial evaluation report to the EU Parliament and the Council within two years – a report which was published today. From the perspective of the Association of the Internet Industry, despite initial concerns, the GDPR has after two years now established itself as a fundamentally appropriate regulatory instrument. At the same time, eco still sees too many questions and practical problems arising in the implementation of the GDPR, especially for small and medium-sized enterprises.
Commenting on the current status of the GDPR, eco Managing Director Alexander Rabe has the following to say:
“A uniform European legal framework, which was brought into being by the General Data Protection Regulation, represented the first step towards a responsible European data policy. But in its implementation, numerous questions and practical problems are still surfacing, especially for small and medium-sized enterprises. Businesses need clear rules and pragmatic assistance in implementing them – the advisory function of the data protection supervisory authorities must be much more effective here! We welcome the fact that the Commission, too, has recognised that the existing bureaucratic obstacles and legal uncertainties in data protection can only be overcome through a pan-European approach. This approach must eliminate the current uncertainties and at the same time guarantee a legal framework that is innovation-friendly and in line with market requirements, so that we can finally even out Europe’s inconsistent level of data protection.”
For the Association of the Internet Industry, Europe has set the framework for the future design of the protection of personal data with the General Data Protection Regulation. Regulation which had previously been of a scattered nature and handled differently by various national data protection laws was, in a central European regulation, pooled, systematised and organised using identical principles. The Association of the Internet Industry participated in the evaluation of the GDPR on the basis of a Key Points Paper.