Greetings from Brussels!
Saturday, 25 May is upon us and will mark the one-year anniversary of the GDPR coming into force. What a bustle of a year with the broadest spectrum of privacy stakeholders running against time to prepare, implement and comply with its provisions! As one might have expected, this week has seen a flurry of articles, anniversary reflections, and a trove of numerical offerings published online. Lest we forget what the regulation’s introduction has entailed for us thus far.
To mark the occasion, the European Commission released a joint statement by Vice President for the Digital Single Market Andrus Ansip and Commissioner for Justice, Consumers and Gender Equality Věra Jourová speaking to the new awareness and citizen empowerment to gain back control over personal data. They remarked that regulatory compliance is a dynamic process that does not happen overnight. In the months ahead, the commission will continue to look to facilitate and ensure appropriate implementation of the new rules with regulators and concerned actors alike. The commission also released Eurobarometer data on GDPR awareness concluding that 67% of EU citizens having heard of the GDPR: Call-out for Sweden; they are the "best in class," with 90% of their citizens having heard of the GDPR, and 63% actually knowing what the regulation serves.
The EDPB has also been taking stock of the GDPR regime and having surveyed the Supervisory Authorities of the European Economic Area released an analysis of the board’s achievements. One particular statistic stood out for me: There were 446 cross-border cases registered with the board, of which 205 have led to "one-stop shop" procedures. Speaking to the year that has come to pass, Chairwoman Andrea Jelinek stated that compliance can only be achieved through an effective combination of guidance, stakeholder engagement, and, where necessary, enforcement by the national DPAs. Earlier this year, the EDPB adopted its work program for 2019 and 2020, which will continue to mirror these priorities, and Jelinek remains confident that an increasingly effective regulatory environment will continue to pay dividends.
An IAPP report treating the GDPR in numbers was also released this week that is based on European regulatory reviews and interviews. We have seen the commencement of GDPR enforcement; however, there is still much work to be done both at the organizational and regulatory levels. Oh, and don’t forget: The IAPP also released its new GDPR Genius — a tool that combines the regulation’s articles with relevant derogations, EDPB guidance, court precedent and other tools and resources. Be sure to check it out!
If you want to comment on this post, you need to login.