How much is digital data protection worth

Consequences of the GDPR: Europeans place more value on data protection

When the General Data Protection Regulation (GDPR) took effect a year ago, there was great excitement. But that also has its good points, as is now being shown: The citizens know their rights and are not afraid to demand them.

One year after the introduction of the new EU data protection rules, two out of three EU citizens (67 percent) have heard of the General Data Protection Regulation. Almost as many (57 percent) know that there is an authority in their country that is responsible for the protection of their personal data. Compared to 2015, this is an increase of 20 percentage points, as the EU Commission announced on Wednesday, citing a Eurobarometer survey. "People are becoming more and more aware - and that is encouraging," said EU Justice Commissioner Vera Jourová and Commissioner for the Digital Single Market, Andrus Ansip, in a joint statement.

Meanwhile, companies and associations continue to reiterate their points of criticism. The Federal Association of the Digital Economy (BVDW) published the results of a current member survey on Wednesday. Accordingly, the negative effects of the GDPR are clearly noticeable on companies. 39 percent of the digital experts in the 237 member companies expected a drop in sales. According to this, 32 percent have restricted their digital activities. BVDW Vice President Thomas Duhr sees the "massive legal uncertainty" as the cause. The digital association Bitkom recently emphasized that small and medium-sized companies in particular would have to struggle with implementation.

Companies are being forced to "spring clean"

Many companies have now done their homework, "a kind of spring cleaning", stressed Tine Larsen, head of the data protection authority in Luxembourg. "It surprises me when companies complain now, because data protection and data security were not only created with the GDPR." The principles are the same as before. "Actually, the companies should have taken care of it many years ago."

The GDPR has been in force in the EU since May 25, 2018, after a two-year transition period. In essence, the processing of personal data is regulated by companies, organizations or associations. This should give users back sovereignty over their data. For example, consumers have a "right to be forgotten". Data that is no longer required for the original purpose of storage must be deleted. There is also the right to information. Companies and organizations must make stored data available on request.

"Nothing happened for two years."

As of the reporting date last year, there was often talk of panic among companies. After all, since then, for the first time, there has been a risk of high fines for violations. "I would do one thing differently today," said former EU Commissioner Viviane Reding, who presented the first EU Commission draft for the new regulation in 2012, on Wednesday. "I would no longer give market participants a two-year transition period." If panic broke out shortly before it came into force, that would mean: "Nothing happened for two years." Governments and companies had been "in a deep sleep" for two years. "Then panic immediately, but also data protection immediately."

According to preliminary figures, over 144,000 complaints were received by the national data protection authorities last year. Most related to phone sales attempts, commercial emails, or video surveillance. The data protection authorities have initiated almost 450 cross-border investigations. "The main goal of the rules has been to give people more power and help them gain control over their personal information. It's already happening," said Jourová and Ansip. In addition, the GDPR has become the global reference in terms of data protection.