GDPR regulators have been busy. They issued hundreds of fines to companies, including Google and Facebook, more than €114 million in the first 20 months of GDPR. Later this year, on May 25, the European Commission will produce a report, as mandated by Article 97. This report will contain an evaluation of the progress made under the GDPR and the challenges encountered and likely for the basis of any major upcoming reforms.
However, are other developments, like Brexit, other countries introducing their own data protection laws, and rulings from the Court of Justice of the European Union that could have an immediate effect on the GDPR this year. This blog post will give you a sneak peek at what the next year holds in store for the GDPR, what could change, and how it could impact your business.
A year of great expectations
While it is true that Facebook, Google, and WhatsApp have received GDPR fines, their number and size disappointed GDPR’s advocates. The French data protection agency fined Google a record €50 million, but this amount is a rounding error compared to its overall budget. For the largest tech companies to truly take data protection seriously, experts think that the fines will need to be much higher. None other than Margarethe Vestager, head of the European Commission, has called for stronger enforcement of the GDPR and policies that promote competition in the tech industry.
Additionally, as of July 2019, some countries — namely Greece, Portugal, and Slovenia — still had not brought their national laws into accordance with the GDPR. Others are still hiring and training staff for these new regulatory bodies. This lag means that the GDPR has not been fully enforced across the EU. Because a country needs national laws in place before they can have a data protection agency, they delay impacts the number of people in the EU who can file a complaint or even just understand their rights. That should end in 2020 as these last countries implement national legislation, incentivizing Greek, Portuguese, and Slovenian companies to ensure they are fully compliant.
This could be a make-or-break year for the GDPR as it attempts to establish comprehensive and strong data protections.