Taking stock after 100 days: how are things going with GDPR?

Before 25 May 2018, there was a lot of reporting and heated discussion about the upcoming implementation of GDPR and all its legal consequences – now, on 1 September, the European General Data Protection Regulation has already been in force for 100 days. Time for an initial review.

Taking 25 May 2018 as the first day of validity of the European General Data Protection Regulation (EU GDPR) following the two-year transition period, 1 September 2018 marks 100 days of the new law – an opportunity for an initial review. How are things going with the EU GDPR? Job Wizards listened to what people had to say and did some online research.

The biggest challenge for small and medium-sized businesses – documentation and reporting procedures

The 100-day review from the German Association for Small and Medium-sized Businesses (BVMW) is critical: ‘The authorities are overwhelmed as there are too few members of staff for the number of enquiries, entrepreneurs are still uncertain, as there are many unanswered questions about GDPR, and politicians don’t know what to do,’ reports Eberhard Vogt, Press Officer for the BVMW. He continues: ‘Many small and medium-sized businesses don’t know what they should and should not do according to the regulation: do I have to document this process? Do I have to register these plans with the authorities or not – which, by the way, is another reason the authorities are overwhelmed, because to stay on the safe side entrepreneurs are transferring almost everything. Furthermore, different interpretations of the regulation exist in the individual federal states.’ The provisional summary is: ‘What entrepreneurs need is a GDPR road map approved by all the authorities.’

100 days of the EU GDPR – time for an initial review: how are things going with the new law? #jobwizards http://bit.ly/2PWu7aH

CLICK TO TWEET

Positive trend: three-quarters of all companies intend to fulfil the GDPR standards by the end of 2018

‘Small and medium-sized companies in particular had difficulty adjusting to the new General Data Protection Regulation rules. In many cases, it used up a lot of time, patience and money,’ says Fabian Wehnert, head of the department for small, medium-sized and family companies at the Federation of German Industries (BDI), regarding the experiences of SMEs in Germany. Nevertheless, the EU GDPR is ‘a milestone, as for the first time there is a shared data protection standard for all companies and all other institutions in Europe,’ Fabian Wehnert adds.

Apparently, most entrepreneurs share that view, as a study recently published in the USA* shows that – even if not all companies in Europe and the USA managed to implement GDPR on time by 25 May – 96% have begun implementation and 74% expect to meet the standards by the end of 2018. 93% intend to reach this goal over the course of 2019. An initial inventory with which data protectors can be very satisfied.

‘Small and medium-sized companies in particular had difficulty adjusting to the new General Data Protection Regulation rules. In many cases, it used up a lot of time, patience and money. At the same time, the actual sanctions threatened were – and are – nowhere near the horror scenarios that some had pictured beforehand.’
Fabian Wehnert, head of the department for small, medium-sized and family companies at the Federation of German Industries (BDI)

Within the course of EU GDPR, countless small businesses and associations deleted their websites for fear of reprimands. Did you expect that kind of reaction?’
Ansgar Skoda, freelance journalist, interviewing data protection expert Ralf Bendrath on Treffpunkteuropa.de

‘No, [we] really didn’t [expect] such extreme reactions. It really seems to be a particularly German phenomenon. We haven’t heard of anything like that from other EU member states. It seems a bit of targeted panic was stirred up.’
Ralf Bendrath, data protection expert and close colleague of Jan Philipp Albrecht, seen as one of the fathers of GDPR, on Treffpunkteuropa.de

Achieving and maintaining GDPR compliance is a complex and expensive initiative for companies of all sizes, across all geographies and industries. While only a small percentage (20%) reported being compliant by the May 25 deadline, almost all have started (96%), three quarters (74%) expect to be compliant by the end of 2018 and almost all (93%) expect to be fully compliant sometime in 2019.
From the conclusion of the July 2018 Research Report commissioned by TrustArc on ‘GDPR Compliance Status – A Comparison of US, UK and EU Companies’

‘We are closely connected to the European small and medium-sized businesses’ umbrella organisation European Entrepreneurs. There, it is clear: while Germany is taking care to adhere precisely to the regulations, not everywhere in Europe takes the same approach.’
Eberhard Vogt, Press Officer for the BVMW (German Association for Small and Medium-sized Businesses)

Digital monitoring company Catchpoint found that after GDPR went into full effect in late May, many EU site versions for US-based news organizations — suddenly unburdened by a huge number of third-party tags — started running much faster and delivering a better user experience.

‘This is a direct result of the fact that many external third-party elements previously integrated into these pages (which could impact user experience and performance) have been stripped away, including ad servers, Google services/analytics, social media plug-ins and more’
Catchpoint Chief Executive Mehdi Daoudi im Interview mit Martech Today Autorin Robin Kurzer

Latest & Greatest