The 1-year anniversary of the GDPR has not really flooded the media the same way as it did at the launch.
And I’m not sure what I should think about it today. Mixed feelings, mixed results, because the GDPR sets a consolidated baseline for privacy protection on the EU level but also worldwide, while lots of companies are still in bad shape for their privacy practice, and some old, unacceptable habits are still alive, or even getting worse. So where are we exactly with the GDPR, mid-2019, you think?
1-year baby, growing teenager or grumpy toothless?
First of all, allow me to take a step back: The GDPR is not ‘new’ – check the GDPR History published by the EDPS. The GDPR applies since May 2018; has been ratified since 2016 has gained political consensus since December 2015; the European Parliament adopted it in 2014, and the data protection proposal was presented in 2012. And actually, the GDPR has replaced the European Data Protection Directive 95/46/EC, 23 years later, after its approval in 1995.
An important achievement of the GDPR is that it has (finally) set out the boundaries on a large scale, with a global impact. It has also triggered other nations to align with the new regulations, and that’s good news. In contrast to a lot of other legislations, the GDPR is fairly intelligible and readable, so you could guess it would be implemented fairly smoothly.