ARTICLE16 January 2020

The GDPR alone is insufficient

The GDPR compromise from 2016 has been shown to have both strengths and weaknesses - particularly from a business perspective. It is vitally important to delivering proper data protection and trust, but it is demanding and costly to adhere to vague and overly-detailed legislation. This creates compelling reasons to discuss how to support compliance and important processing in order to remain technological competitive, says lawyer Carolina Brånby at the Confederation of Swedish Enterprise. The report, entitled “What’s wrong with GDPR?”, is now available in English.

– GDPR has improved the protection of personal data. However, there are huge costs in reaching compliance and great problems in gaining a full overview the implementations and lex specialis in different Member States, says Carolina Brånby.

Many Swedish businesses have described how they have reached a higher level of quality in their data protection. Trade and services providers have seen a valuable increase in consumer trust as the Regulation makes the processing of personal data increasingly transparent.

– At the same time, many companies report challenges in trying to adhere to what is vague and overly-detailed legislation. Yet administrative fines can be enormous, so their compliance must be correct. Despite this, there are many companies without access to in-house lawyers or IT technicians suitably skilled in data protection. Rebuilding and adapting IT systems has proved a challenge, says Carolina Brånby.

This is why the Confederation of Swedish Enterprise has asked data protection lawyers Martin Brinnen and Daniel Westman to highlight the difficulties Swedish companies face implementing the requirements in the GDPR, and to suggest measures for improving the data protection framework. With this report, the Confederation of Swedish Enterprise seeks to contribute to the knowledge of what is needed to create a data protection framework that is predictive and does not hinder the data driven economy.

Europe's representatives have been euphoric about the GDPR's role in protecting citizens' privacy. So far, so valuable and good. However, it is now time to analyse the impact of some parts of the regulation on innovation and international competitiveness. Europe in particular needs to be able to create and use new technologies that can relieve the pressures of an ageing population, protect businesses and citizens and to streamline infrastructure, trade and production to achieve environmental goals. Companies and universities still need to be able to research and develop new solutions, even where personal data is being processed.

– GDPR has improved the protection of personal data. However, there are huge costs in reaching compliance and great problems in gaining a full overview of the implementations and lex specialis in different Member States. Now, Europe and its Member States need to provide supplementary regulations and guidelines that focus on competitiveness and innovation. One need not to exclude the other, and it is high time for a better balance between protection and progress, concludes Carolina Brånby.

GDPR
Contact our EU Office

Address

Rue du Luxembourg 3
BE-1000 Bruxelles
Subscribe to Business Policy Brief
Contact our EU Office

Address

Rue du Luxembourg 3
BE-1000 Bruxelles
Subscribe to Business Policy Brief
Contact our EU Office

Address

Rue du Luxembourg 3
BE-1000 Bruxelles
Subscribe to Business Policy Brief
Contact our EU Office

Address

Rue du Luxembourg 3
BE-1000 Bruxelles
Subscribe to Business Policy Brief
Publisher and editor-in-chief Anna Dalqvist