The General Data Protection Regulation showed great promise during development, but after one year in effect, considerable blind spots are coming to the fore.
Just over a year ago, on May 25, 2018, the European General Data Protection Regulation (GDPR) came into effect. The first-of-its-kind policy showed great promise during development; it was intended to harmonize privacy and data protection laws across Europe while helping EU citizens to better understand how their personal information was being used, and encouraging them to file a complaint if their rights were violated. As a new regulatory framework, the GDPR was an acknowledgement that the digital economy — fuelled by (personal) information — should operate with the informed consent of users and clear rules for companies who seek to do business in the European Union.
Implementing the policy, however, is illustrating just how much more work must be done before the GDPR is fully functional. European citizens, corporations and data governance frameworks still face a number of issues that the GDPR was intended to mitigate, as well as a handful of new problems. Stronger fines, greater collaboration and an acknowledgment of some of the policy’s blind spots are sorely needed for the GDPR to be more effective in the months and years to come.