GDPR’s 2nd Anniversary: Experts discuss its impact

Today marks the 2nd anniversary of the European General Data Protection Regulation (GDPR). 

Over the past couple of years, the new data protection law aimed to tighten the out of date rights of individuals to give them back control of their data. Since its introduction in May 2018, it has influenced the global landscape of business, data protection, privacy and beyond with more and more data protection laws being introduced across the world. 

PrivSec spoke to several data protection experts about the impact of the regulation over the past couple of years. 

Nathalie Laneret, Director of Privacy Policy, Center for Information Policy Leadership explained the benefits of the legislation: “Because GDPR is principle-based, outcome-based and risk-based, it constitutes a solid foundation for building effective protection and trust for individuals while enabling the digital economy, including at time of crises.”

Vivienne Artz, Chief Privacy Officer at Refinitiv commented on how the current pandemic tests the law: “GDPR was in many ways a game changer for privacy not only in the EU, but in the world. Two years on, we are living the new reality and feeling the impacts of this ambitious legislation, including how “fit for purpose” the GDPR is in the face of a global pandemic, and the need to process sensitive and location data in new and creative ways.”

Steve Wright, Partner, Privacy Culture (former DPO of Bank of England and Unilever), reflected on both the positives and negatives of the law: “It’s been two years since the introduction of the people’s data protection law and you have to ask yourself whether it has made any difference? Well, it depends. This is because nearly everyone I know or speak to – regularly considers the implications of privacy, or questions whether an app or more recently – a Government can be trusted with maintaining their privacy. So GDPR has, arguably helped the general public understand that they are entitled to some level of privacy. 

He continued: “The flip side, is that after all the hype about fines based on 4% of turnover, the regulators across Europe have struggled and found it equally difficult to enforce privacy fines upon organisations unless of course, they were unfortunate enough to suffer a breach. In other words, they were not sufficiently geared up enough to cope with demand, and have become reactive enforcement, rather than proactive. 

“So some good news, especially for individuals and consumers, bad news for organisations whom were not ready or have tried to add this as a compliance condiment, rather than training all their staff. The current pandemic will teach us many things, like what’s really important to us, and for me, the question of privacy and GDPR more specifically will continue to have a massive (positive) impact on legislators and organisations around the world. So all in all. It’s a very good thing and has made a massive difference to all our lives.” Steve added.

Join Steve, Vivienne, Nathalie, and Mateusz Gędźba (DPO at Aon Poland) this Thursday (May 28th) as they reflect on the second anniversary regulation at the free to attend monthly virtual event, Last Thursday in Privacy.

The panel discussion, taking place at 11am BST with explore:

  • Whether GDPR has made a difference?
  • Is enforcement working, globally are DPA’s doing enough, should they change approach?
  • Has trust been eroded or enhanced by GDPR?
  • What has changed since the introduction of this law to the individual? 
  • What does the future look like in another 2 years, where will we be? 

This session will be one of twenty-two sessions for the second edition of Last Thursday in Privacy, a full day of panel discussion and webinars looking at the hot button topics in data protection and cyber security. 

Across the day, industry experts will discuss a plethora of topics including: 

  •  Phishing and Cybercrime: Current Trends and Challenges
  • Contact Tracing Apps: Privacy and Security Concerns from Across the Globe
  • Biometric Data under GDPR: Employees Privacy Concerns in the Age of Covid-19
  • Nation States Attacks APT41 and Ransomware during COVID-19 – view from the Cyber Emergency Room Operations
  • Top 10 takeaways from GDPR on the 2 year anniversary

For more information and to register for the event, visit here.


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.