open search
For those  impacted by the EU General Data Protection Regulation, known as the GDPR since its entry into operation across the bloc on 25 May 2018, it’s quite something to think that the legislation has been with us for five years today.

So what has gone well and what has gone less well?

One of the main purposes of the legislation was to get the topic of data privacy on the agendas of boards –  and this has worked well. The law has increased transparency, proportionality and fairness in the way companies treat personal data. In addition, although there was an initial fear that the GGPR might in practice be quite toothless because regulators were failing to use their power to impose significant fines on companies in breach, in the last couple of years, fines have been increasing. This should only help increase compliance further.

Less effective, perhaps, has been the harmonisation of data privacy rules throughout the EU. Harmonisation has certainly improved, but there is still no ‘one-stop shop’ by which companies can take advice in one country and apply it to all. The rules are still to some extent interpreted differently in different places – with even different regions in Germany, for example, seeing variation in application. This can, unfortunately, make it costly for companies to comply with the GDPR.

What we will be the future for data privacy legislation? We think the interplay between this and emerging AI will be the area to watch.

Meanwhile, enjoy our video discussion below.

To mark the fifth anniversary of the GDPR, data protection experts Alexander Milner-Smith of Ius Laboris UK and Inger Verhelst of Ius Laboris Belgium sit down to reflect on their experiences to date and to think about the challenges that lie ahead for employers when it comes to data protection in the EU and beyond.

Ius Laboris

Ius Laboris is a leading international employment law practice combining the world’s leading employment, labour and pension firms. Our role lies in sharing insights and helping clients to navigate the world of labour and employment law successfully.
Verwandte Beiträge
Internationales Arbeitsrecht

It’s finally here: adequacy decision on EU-US data transfers

Data transfers from the EU to the US will now be easier for many companies, following a long-awaited decision from the European Commission. More than a year after the first announcement of the Trans-Atlantic Data Privacy Framework, the European Commission adopted its adequacy decision on the EU-US Data Privacy Framework (DPF) on 10 July 2023, which entered into force with immediate effect. Transfers to US companies signed up…
Internationales Arbeitsrecht Neueste Beiträge

ECJ rules data subjects entitled to know of recipients

The decision clarifies the scope of the Data Subject Access Request under the GDPR. The ECJ decided the previously open question of how much detail the employer must provide about the recipients or groups of recipients of the personal data upon request.   The right to information under data protection law Under Article 15 of the GDPR, the data controller (in the employment context, usually the…
Brazil Internationales Arbeitsrecht Neueste Beiträge

Data protection in Brazil: what to expect this year

In 2023, the Brazilian General Data Protection Law (LGPD) celebrates five years since its publication. Since its entry into force in 2020, the LGPD has come a long way, but there are several legal issues relating to the protection of personal data that still need further refinement.  Brazilian Data Protection Authority Among the main changes since the enactment of the LGPD has beenthe change in…
Abonnieren Sie den kostenfreien KLIEMT-Newsletter.
Jetzt anmelden und informiert bleiben.


Die Abmeldung ist jederzeit möglich.