I’m very interested in how the execution of the GDPR will look like in real life.
What is GDPR?
Stronger rules on data protection from 25 May 2018 mean citizens have more control over their data and business benefits from a level playing field. One set of rules for all companies operating in the EU, wherever they are based.
This sounds very good, doesn’t it?
For the companies this means some new challenges: the requirements of GDPR are complex to understand, even more complex to implement and they build on an already implemented corporate data governance framework that in most cases far from being GDPR-ready. For small- and middle-sized firms the investment needs are very high in relation to the company turnover.
This is why it is interesting how the EU members will execute upon the regulation. One example is the Hungarian legalization published yesterday. The Hungarian authorities admit that there are only a few interpretation possibilities left open by the regulation. This however allows them to focus on notifying small and medium sized companies about data breaches, whereas the large international players must pedantically execute the regulations.
Of course after a notification a smaller firm must also implement the missing controls – but a large fine is not the primary goal.
Will this be a pattern followed by most of the member states?