GDPR Enforcement Difficulties Admitted by European Union

A European Union, report which is due to be made public today, on the General Data Protection Regulation will reveal how small and medium-sized businesses are having great difficulty in investing the funds required to ensure compliance with the data privacy legislation.

This report will be seen as hugely unwelcome by the European Union. EU vice-president in charge of values and transparency, Vera Jourova, has previously stated how GDPR was very important for the implementation of “harmonised rules across the single market. (She added) We have to actively monitor how member states implement the GDPR in their national legislation to ensure that the ‘one continent, one law’ principle is there. We need to help SMEs and we need to see a truly European and vigorous enforcement.”

Today’s report will reveal that smaller businesses have been particularly affected by the costs of compliance with the General Data Protection Regulation (GDPR). This added to a lack of proper understanding of the legislation in relation to the development and evolution of new technologies has led to some difficulty for progress to be made areas like artificial intelligence, blockchain and the internet of things.

The report is believed to state that: “Further challenges lie ahead in clarifying how to apply the principles to specific technologies. Some stakeholders report that the application of the GDPR is challenging especially for small and medium-sized enterprises (SMEs).”

The legislation was initially devised to allow Internet users greater management over their private data and, since then, some privacy groups have claimed that the rules do not go far enough in protecting individuals’ information. In addition to this, there some concerns were voiced in the extra pressure the legislation place son large technology companies such as Facebook and Google.

The enforcement of the legislation is the charge of the local data protection authority in each member state. Due to this, the report says, that there is a “lack of a consistent approach” between how data protection authorities in different EU member states interpreted parts of the GDPR that allowed for some flexibility, for instance the minimum age that children were allowed to consent for social media companies to manage their data. For example, some member states have set the minimum age at 16, others at 13, 14 or 15.

This report comes not long after Internet Browser Brave revealed that GDPR laws were proving difficult to implement. In relation to the national data protection authorities in the EU member states it revealed that:

  • Only six national DPAs have more than ten specialist tech investigation employees.
  • Seven data protection bodies have two tech specialists or less.
  • 50% all national DPAs receive small (€5 million or less) annual budgets from their
  • The Irish Data Protection Commission is Google and Facebook’s ‘lead authority’ GDPR
    regulator in Europe. But while the number of complaints it manages is accelerating, increases
    to its budget and headcount are dropping.
  • Almost a third (29%) of all of the EU’s tech specialists work for one of Germany’s Länder
    (regional) or federal DPAs. All other EU countries lag behind Germany.

You can read the full report here.