One year DSGVO
One year ago, on May 25, 2018, the General Data Protection Regulation (GDPR) came into force. The EU Commission sang its praises, while Eco, the largest association of the Internet industry in Europe, was more critical.
Not only the citizens, but also the companies would benefit from the GDPR The European Commission Vice President Ansip and Justice Commissioner Jourová said in a joint statement that the new regulation would benefit the EU as only one set of rules would apply in the Union. With the GDPR, authorities have an effective tool to take action against infringements, they said. In the first year since the GDPR came into force, the newly created European Data Protection Board had registered more than 400 cross-border cases across Europe. This is proof of the added value of the GDPR, as data protection does not stop at national borders, the Commission said.
In addition, he said, people's awareness has increased with the new set of rules: New figures showed that almost six out of ten people would know that there was a data protection authority in their country.
Too little clarity
Ecothe largest association of the Internet industry in Europe, complains that legal certainty for all companies and a uniform interpretation of the GDPR is still a long way off in Europe. "We call on the data protection commissioners in Germany and the supervisory authorities throughout Europe to interpret these rules uniformly in order to protect companies from bureaucratic arbitrariness," emphasizes Alexander Rabe, Managing Director of the Eco Association.
SMEs, associations and businesses in particular need to be protected from high warning fees and fines as a result of the GDPR. According to Eco, the data protection authorities' system of fines must be scrutinized more closely in order to put a stop to excessive fines. However, the association also emphasizes that there has not been a wave of fines so far. Eco fears, however, that this could soon change as soon as the data protection authorities increase their staffing levels and thus more checks have to be expected. Developments in France show that fines of up to 50 million euros are sometimes levied.
Industry-specific best practices take time
According to Eco, uncertainty is also caused by the fact that there are still very few court decisions on the GDPR - and certainly no decisions by the highest courts. It will probably take some time before industry-specific best practices become established. (rs)
Compare also article "It applies - the new GDPR!"
