Tomorrow, 25 May, marks one year since the entry into force of the EU’s General Data Protection Regulation (GDPR).
Andrus Ansip, Vice-President for the Digital Single Market and Věra Jourová, Commissioner for Justice, Consumers and Gender Equality, released a statement in celebration of GDPR one year on, saying: “These game-changing rules have not only made Europe fit for the digital age, they have also become a global reference point. The main aim of the rules has been to empower people and help them to gain more control over their personal data. This is already happening as people are starting to use their new rights and more than two-thirds of Europeans have heard of the regulation. Also, companies now benefit from one set of rules applying throughout our Union. They have put their house in order when it comes to data, which led to increased data security and a trust-based relationship with their clients.”
The GDPR was devised to implement an EU-wide common approach to the protection and sharing of citizens’ personal data, aimed at allowing individual residents of Member States a wider degree of control over the distribution of their own data. Since the implementation of the regulation on 25 May 2018, the majority of Member States have adjusted their own laws in accordance with GDPR, establishing national Data Protection Authorities and co-ordinating their data protection activities with the EU’s newly established European Data Protection Board, which has registered more than 400 cross-border data protection breaches since its inception.
The statement by Ansip and Jourová continued: “The principles of the GDPR are also radiating beyond Europe. From Chile to Japan, from Brazil to South Korea, from Argentina to Kenya, we are seeing new privacy laws emerge, based on strong safeguards, enforceable individual rights, and independent supervisory authorities. Such upward convergence offers new opportunities to promote data flows based on trust and security. The GDPR has changed the landscape in Europe and beyond. But compliance is a dynamic process and does not happen overnight.
“Our key priority for months to come is to ensure proper and equal implementation in the Member States. We urge the Member States to respect to the letter and the spirit of the GDPR in order to create a predictable environment and avoid unnecessary burden for stakeholders, in particular SMEs. We will also continue our close collaboration with the European Data Protection Board and national data protection authorities, as well as businesses and civil society to address the most burning questions and facilitate the implementation of the new rules.”