General Data Protection Regulation (GDPR) – a single law
In Varietate Concordia, translated as Unity in Diversity, is the official motto of the European Union and encapsulates the hope that Europeans can be united in working together for peace and prosperity. This sentiment is at the heart of all developments – from the abolishment of passport controls within the Schengen Area through to the EU's recent plans for a Digital Single Market.
And it is once again present in the European Commission’s attempts to unify data protection within the EU through the General Data Protection Regulation (GDPR) – a single law, applicable to all 28 member states, which aims to build trust within the region and bring data protection up to date in light of new technological developments such as cloud, social and mobile.
In the past, European countries have adopted different approaches to, and interpretations of, data protection, making it difficult for non-EU organisations to demonstrate compliance easily and often leading to confusion among citizens. A new single harmonised Data Protection Regulation will go a long way towards resolving these issues, making it easier for non-EU companies to operate in a single European market and providing increased confidence for its citizens.
There is a constant tension between the ability to do increasing amounts of business online and the right to privacy, with consumer data being properly safeguarded. GDPR attempts to define where that balance should be, identifying a number of rights for citizens and a number of responsibilities that organisations must adhere to.