Freely subscribe to our NEWSLETTER

"The European Commission’s report on the operation of the GDPR, two years since it came into effect, provides high praise for its achievements, claiming that it has ’successfully, met its objectives of strengthening the protection of the individual’s right to personal data protection and guaranteeing the free flow of personal data within the EU’. While it is certainly the case that the GDPR triggered a huge amount of compliance activity between 2016 and 2018 and lots of news coverage, which helped to raise awareness levels of data protection rights, the lack of empirical evidence to support the Commission’s claims stand out.

"A key problem to note is that there is an absence of such evidence on data protection performance levels under the previous legal regime (the 1995 Directive), so, therefore, there isn’t a benchmark available to substantiate progress made under the GDPR. In contrast, reports of personal data security breaches have not run dry, there are still structural problems in the AdTech environment and with the ceaseless progression of developments in technology, such as facial recognition and AI, there have to be doubts about the ability of the law and the regulatory system to keep up speed.

"The GDPR is certainly a good and welcomed innovation, but perhaps we should divorce legislative intent from the realities on the ground, within which there remain serious problems with the resourcing levels of the regulatory offices compared to the work that needs to be done and low levels of enforcement activity."