The European Commission is patting itself on the back for implementing GDPR, insisting that the regulation has achieved many of its objectives, although it does concede that there are still plenty of issues to tackle, not least the fact that consumer awareness is still pitifully low.
In a new report on the first year of EU data protection law – which in typical EU style is two months late – the Commission says that most member states have now set up the necessary legal framework (apart from Greece, Portugal and Slovenia) and that the new system is “falling into place”.
It claims that businesses are developing a compliance culture, while consumers are becoming “more aware” of their rights. At the same time, a move towards high data protection standards “is progressing at international level”.
However, while the EU says consumers are becoming “more aware”, even according to its own research only 20% of Europeans know which public authority is responsible for protecting their data.
The Commission aims to address this by launching a new awareness campaign to encourage Europeans to read privacy statements and to optimise their privacy settings.
EU justice commissioner Věra Jourová said: “GDPR is bearing fruit. It equips Europeans with strong tools to address the challenges of digitalisation and puts them in control of their personal data. It gives businesses opportunities to make the most of the digital revolution, while ensuring people’s trust in it.
“Beyond Europe, it opens up possibilities for digital diplomacy to promote data flows based on high standards between countries that share EU values. But work needs to continue for the new data protection regime to become fully operational and effective.”
Brussels will issue a further report in 2020 to assess the progress made after two years of GDPR, including a review of the 11 adequacy decisions adopted under the 1995 Directive.
On the actual anniversary of GDPR, which came into force in May 2018, data and marketing industry chiefs hailed the progress most companies had made and believed the regulation has elevated data to a key boardroom issue.
However, many conceded that brands also still have plenty of work to do to ensure continued compliance.
Since then, the UK Information Commissioner’s Office has sent out its own warning, revealing that it intends to fine British Airways and Marriott Hotels a total of £282m for serious breaches of GDPR.
Now Marriott takes a £99m battering for GDPR failings
Gnashing watchdog to fuel rise in breach over-reporting
ICO shows ‘staggering’ lack of judgement over BA case
BA faces record £183m GDPR fine for data meltdown
Brussels plots GDPR ad blitz…this time it might mean it
GDPR one year on: Data is now a major boardroom issue