GDPR alarm bells might be ringing throughout the business community, but with just a fortnight to go until the regulation comes into force, it seems even the new law’s enforcers are ill-prepared, with the majority of EU data regulators admitting they will neither have the resources nor the funding to fulfil their duties by the May 25 D-Day.
According to a Reuters survey, 17 of 24 authorities who responded said they would struggle to enforce the regulation – first proposed by the European Commission back in 2011 – for months.
Isabelle Falque-Pierrotin, president of France’s CNIL data privacy watchdog, told Reuters: “We’ve realised that our resources were insufficient to cope with the new missions given by the GDPR.”
Like many other regulators, she said she was pressing her government for a substantial increase in resources and staff. Most respondents said they would react to complaints and investigate them on merit. A minority said they would proactively investigate whether companies were complying and sanction the most glaring violations.
Earlier this year, Brussels said it would provide €1.7m to fund data protection authorities and has also set aside a further €2m to assist small and medium-sized businesses in ensuring they are compliant with the new rules.
Even so, at the last count, only Germany and Austria had passed measures needed to enshrine GDPR into their own legislation.
Despite widespread criticism that the UK Information Commissioner’s Office has been too slow in providing guidance, Britain appears to be streets ahead of other EU member states.
The UK Data Protection Bill is progressing through Parliament; the ICO has already outlined its new fees structure and has also secured a concession from the Treasury to abandon the regulator’s strict pay contraints to combat a “brain drain”.
One industry source said: “GDPR has been billed as the harmonisation of data protection laws across Europe but despite being over seven years in the making, the EU seems to be in a shambles and as disjointed as ever.
“We may have been complaining about the ICO’s go slow but the UK appears to be well resourced and well placed to enforce the new regulation. No wonder other member states want the ICO to retain a top place in data protection post-Brexit; who else are they going to rely on?”
Half of UK firms have set aside money for GDPR fines
ICO to publish final GDPR consent guidance in 2 weeks
Privacy chief Denham hits out at GDPR scaremongering
DMA demands answers over threat to third-party data
ICO stands firm on ‘over strict’ GDPR consent guidance
ICO must retain top role in EU post-Brexit, urge Lords
Big firms shoulder burden as new ICO fees are revealed
Business leaders welcome new UK Data Protection Bill
ICO rebuffs GDPR guidance failings despite RNLI rethink