Derek Mooney writes: On May 25th, the GDPR celebrated its fourth anniversary! Hip- Hip… nothing… OK then. Amid a range of interesting and informative reviews of the impact GDPR has made on businesses, not just those whose sole function is data processing, and on regulatory systems, we came across these two articles – which could be said to come from either end of the spectrum.
The first comes from Asélle Ibraimova and Sarah O'Brien of Reed Smith and is entitled: How the GDPR has had a domino effect. In it they look at how over twenty countries (outside the EU) have used GDPR as a model to shape their own rules on the handling of personal data and considers how certain elements of the GDPR have been or are being adopted in different countries.
The other article comes from Max Schrem’s None of Your Business (NOYB) data privacy group and takes the contrary view, claiming instead that GDPR has not changed a culture of non-compliance and that a large part of the data industry has learned to live with GDPR without actually changing practices. It concludes that more must be done on enforcement and that it is up to privacy activists, such as NOYB to do more.