Europe’s most famous technology law, the GDPR, is next on the hit list as the European Union pushes ahead with its regulatory killing spree to slash laws it reckons are weighing down its businesses.
The European Commission plans to present a proposal to cut back the General Data Protection Regulation, or GDPR for short, in the next couple of weeks. Slashing regulation is a key focus for Commission President Ursula von der Leyen, as part of an attempt to make businesses in Europe more competitive with rivals in the United States, China and elsewhere.
They intend to simplify compliance, not axe the law. And this is needed if Europe wants to make itself independent of USA and China on the tech front.
You who are against this, have you ever had to deal with GDPR? It is a nightmare and I am certain American big tech is secretly celebrating it, because it kills any European startup alternatives, because they cannot afford to employ enough people to be compliant with the law and if they try to do it with existing personnel they don’t have enough time left over to actually run their business.
If you have ever complained that there aren’t enough European alternatives, GDPR and other legislation is the reason why. USA shoots itself in the foot with tariffs and we Europeans shoot ourselves in the foot with regulations. I am just really glad the EU commission has realized this and are fixing it.
Am DPO. What do you mean? GDPR is trivial to deal with and you do not need to employ additional personnel beyond a DPO. They don’t even have to do it full time.
There are certain few business models that explicitly rely on exploiting personal data, but them being slowed down is very much the intention.
It is not trivial, the existence of you job makes that self-evident. If it was trivial companies wouldn’t need a DPO, would they? I would love to see you walk up to your employer and tell them that your job is trivial and anyone can do it…
You might not see this yourself, but the fact that even a small company needs a DPO in order to interpret data protection regulation IS the problem! But I am sure you are not complaining… It needs to be simplified so a small company can be GDPR compliant without requiring a DPO.
This problem is recognized in the report from the EU commission linked in the article, which is why they are acting.
The fact that small startups cannot even take off because they cannot afford to hiring the bureaucrats required to interpret and be compliant with regulation is a massive problem and one of the reasons Europe’s economy is stagnating. It is not about exploiting personal data, it is about the cost of bureaucracy killing European startups in their infancy.
Again, as someone who performs the job, I’m telling you: It’s trivial. Come on, don’t try to somehow ‘reason’ that away, that’s just silly. Many jobs are trivial, many jobs need to be done. Mine needs to be done because it’s mandated, not because it’s hard. And I could, in fact, walk up to my employer and tell them that it’s trivial because they would understand - both my boss and I took the same one-day course to become certified.
Again, I don’t know what you think the workload entails, but if you want more specifics I can tell you that my position as a DPO takes up less than 5% of my time and most of that falls to preparing the yearly internal employee training course and the rest is basically automated. It’s not some kind of full time profession unless you have a gigantic corporation or literally run a legal business offering external DPO services. Compare it to the position of something like a medical first responder, if that exists where you live.
In fact, I’m going to do you a solid now and break down the certification course: If you handle personal data, write down where it is and who does what with it. Don’t ask for personal data that you don’t need to perform your function, don’t share personal data with third parties, delete all personal data the moment you don’t need it any more. There, GDRP-compliance for the vast majority of businesses in just one paragraph.
It truly is very, very trivial - as is the whole GDPR main text, for that matter. It’s well structured and uses simple wording.
Ah yes, the Draghi report. “Europe must invest twice as much as it did rebuilding after World War II, allow more tech and telecoms companies to merge and take drastic measures on defense spending”
If you’ll have another look at the article, that’s part of the massive industry lobbying effort that they’re referring to.
I don’t know how else to put this, but this is just not a real problem. I’m reluctant to outright call it a fiction, because there might always be information that I’m missing, but as someone who has worked in the field for about 3 years now I’ve never come across internal or external reports of businesses who could not afford GDPR compliance. Again, that would be silly, that’s like complaining about building code because you have to spend a pittance on fire extinguishers.
I completely agree! GDPR was good in theory, but it’s really hindering us in practice. Coming from someone working in healthcare.