Two years on from the General Data Protection Regulation (GDPR) coming into the force, the data privacy laws still face challenges across the European Union, with fragmentation around how member states are implementing it and more.
A report by the European Commission broadly paints the data protection laws as a success when it comes to providing more privacy for citizens, providing people better understanding around rights when handing over personal data, as well as encouraging organisations to take more precautions when handling information.
However, implementation of GDPR isn’t the same all across Europe, which could potentially be creating problems.
Just over two years on from GDPR becoming law, all European Union states – and the United Kingdom, which was signed up to GDPR pre-Brexit – have adopted it or adapted it into national data protection laws. The only member country which hasn’t done so is Slovenia.
But the implementation of GDPR across member states isn’t consistent and creates fragmentation, something which impacts cross-border business, particularly when it comes to new technological developments and cybersecurity products.
See: IT pro’s guide to GDPR readiness (free PDF)
Part of the reason for this is because member states are responsible for managing the human, financial and technical resources of their national data protection authorities.
While this has lead to good uptake and understanding of the legislation in countries including Iceland, the Netherlands, Finland, Ireland and Luxembourg – the latter two home to the European headquarters of a number of global tech firms – other countries are lagging behind.
“The situation is still uneven between member states and is not yet satisfactory overall,” said the report.
And while larger organisations have generally adapted to GDPR, the report notes that even two years on, understanding it and becoming compliant is still challenging for small and medium sized enterprises (SMEs).
Several data protection authorities have provided tools to help SMEs implement GDPR and that’s something the European Commission suggest should be “intensified and widespread”.
But despite issues with fragmentation across borders and struggles involving small businesses, the Commission regards GDPR as a success, noting that 69 percent of over 16 year olds across Europe are aware of the legislation and what it should represent for then.
“The GDPR has successfully met its objectives and has become a reference point across the world for countries that want to grant to their citizens a high level of protection. We can do better though, as today’s report shows,” said Didier Reynders, European Commissioner for Justice.
“The Commission will monitor progress, in close cooperation with the European Data Protection Board and in its regular exchanges with member states, so that the GDPR can deliver its full potential,” he added.
READ MORE ON CYBERSECURITY
