November 15, 2019
A year and a half on from the implementation of the EU’s General Data Protection Regulation (GDPR), employers are being confronted with uneven enforcement and interpretive confusion between EU member states.
Uneven enforcement: Ius Laboris reports in the most recent BEERG Global Labor Newsletter that enforcement authorities in some countries have used the first year as a grace period to educate and promote compliance with the GDPR. Yet in others, severe fines have been levied, as data protection authorities in some Western European countries such as Germany and France appear to have been very proactive in enforcement. Meanwhile, the number of complaints and breach notifications across the EU is growing.
Interpretive confusion: The GDPR has faced some criticism, with commentators noting that the law in its current state is broadly worded, meaning the regulations are open to differing interpretation. This means there is a risk of divergent decisions in different jurisdictions when investigations are carried out.
GDPR to be UK-O’d? Given that GDPR is an EU Regulation, its validity in the UK will come into question following Brexit. Most experts believe that the GDPR will be enacted in UK law after Brexit under section 3 of the European Union (Withdrawal) Act.
The bottom line: The trend towards stricter data protection rules is likely to intensify, as the value placed on an individual’s data privacy continues to rise. It is clear that compliance is key to avoid very significant penalties and organizations and individuals should continue to invest in education and training and promote compliance and best practice.