General Data Protection Regulation (GDPR), for all its flaws, has had a relatively successful first two years, the European Commission (EC) believes.
According to a recently released report, in which the EC assesses the impact of GDPR in the two years since it came into effect, the regulation served to raise awareness among the general public of issues surrounding personal data.
At the same time, GDPR has not been as impactful as the EC had hoped, primarily
because of the fragmented European market in which it operates, as well as insufficient resources among key privacy watchdogs.
“The general view is that two years after it started to apply, the GDPR has successfully met its objectives of strengthening the protection of the individual’s right to personal data protection and guaranteeing the free flow of personal data,” reads the report. “However, a number of areas for future improvement have also been identified.”
The EC claims that more than two thirds of the EU's population (69 percent) is now aware of the GDPR, while an even greater proportion (71 percent) know their country has a data protection authority.
Further, countries outside the Union, such as New Zealand and Australia, have begun to consider implementing their own versions of the legislation, motivated by the successes of GDPR.
Among the biggest challenges GDPR is facing is the fractured nature of the EU, the report states. Despite it being an EU-wide regulation, local rules still need to be harmonised. Also, individual countries appear to be interpreting the regulation differently.
“Developing a truly common European data protection culture between data protection authorities is still an ongoing process,” the report concludes.