1 minute read
Background
Introduction
Background
Advertisement
More than two years have passed since the General Data Protection Regulation (GDPR) became applicable in the European Economic Area (EEA), which encompasses the territory of the Member States of the European Union (EU) as well as Iceland, Liechtenstein and Norway. The first round of evaluation reports by the European Commission and the European Data Protection Board consider the GDPR to be a great success.1 Its harmonized rules for the processing of personal data have arguably improved data handling practices and enhanced individuals’ awareness regarding their rights.2 Furthermore, it is suggested that compliance with the GDPR can act as a competitive advantage, fostering consumer trust and providing new business opportunities.
However, attaining compliance and unleashing such competitive advantages requires a sound understanding of personal data protection principles and other legal notions found in the EU data protection framework. This is extremely difficult to achieve for smaller organizations, in particular, small- and medium-sized enterprises (SMEs). While the processing of personal data for many SMEs is unavoidable, it is often not their core activity and, consequently, they lack the sufficient human or financial resources to achieve adequate compliance.3
1 European Commission, ‘Communication - Two Years of Application of the General Data Protection Regulation | European Commission’ (2020) https://ec.europa.eu/info/law/law-topic/data-protection/communication-twoyears-application-general-data-protection-regulation_en; European Data Protection Board, ‘Contribution of the EDPB to the Evaluationof the GDPR under Article 97’ (18 February 2020) https://edpb.europa.eu/sites/edpb/files/files/file1/ edpb_contributiongdprevaluation_20200218.pdf. 2 European Union, ‘Special Eurobarometer 487a: The General Data Protection Regulation’ (2019). 3 For example, personal data are processed in order to execute payments for employees, or to contact clients. CCTV systems at the premises of an SME in the footage also capture personal data.
