My colleague from Mission 100, Michael Erner, and I* decided a while ago to fight the negative communication around the GDPR regulation and its potential impacts on organizations world-wide. What has been communicated and distributed by many consultants, lawyers and auditing firms for the last two years was heavily exaggerated and lacked a fundamental understanding of the principles which will lead the implementation of the GDPR.
This is our Video Summary
What is written on paper will not necessarily be implemented that way! The GDPR is one of the biggest legislative papers ever issued and took several years to develop. Its level of detail goes beyond any available privacy regulation today! Many of the stipulations made are of such a theoretical nature that implementation in real-life infrastructures will be either technically impossible or unaffordable.
The mere fact that we are dealing with a network of different legal systems that are in no way consistent should tell the practitioner that the implementation will be quite hairy. It gets even more difficult when considering the implementation in terms of conformity assessment and certification. Today each country, federal state, province, canton, … has its own supervisory authority, which carries out examinations at its own discretion. Imagine that from May 25th, 2018, privacy implementations should be evaluated on one common understanding? Of course, that’s not the case. The supervisors are currently trying to coordinate with a view to harmonizing implementation, which will be more or less successful. It will hardly lead to a uniform interpretation of the GDPR. It is to be expected that, as with other regulations, active “forum shopping” will take place (forum shopping refers to the possibility of selecting from among several available jurisdictions).
* Bruno Wildhaber and Michael Erner are accredited privacy assessors at the Independent Center for Privacy, Schleswig-Holstein (ULD) and international privacy experts (Europe, South Africa).