"the GDPR has the potential to escalate to those levels but in the spirit of the good natured enforcers ..."
The author seems to have the idea that bureaucratic EU systems are inherently "good" and that even if things look bad on paper, it will be fine because they are "good" people. This is not how the legal system or legal compliance works.
Yes, we shouldn't aim to give governments power to push things to an extreme, but on the other hand we should also ensure that they have the ability to actually react to serious abuses.
In particular in the area of data protection, I don't know of a single example where the rules have been pushed to the extreme. If anything, as a private citizen I'm disappointed there's not been stricter enforcement. As someone who has had to deal with it on the corporate side as well, it's not been hard to comply with.
Enforcement here is generally always strongly predicated on not jumping straight to the strictest possible outcome, but in carefully considering how serious a transgression is. It's not that EU systems are inherently good, but that history and practice have shown that when they give flexibility, it takes serious abuses and ill intent to end up with the strictest reactions allowed, and there'd also be little reason to assume that anyone rushing to the strictest interpretations possible wouldn't get shut down hard by the courts.
It seems many commentators here are confusing criticism of the GDPR with criticism of the EU itself. Surely people are sophisticated enough to understand that they are 2 hugely different things, and that a robust criticism of regulations and laws is part of a healthy democratic society.
There has been ample history on how these regulators have been working over the past 20-40 years.
It's not, because as the article explains, experience with the existing regime shows that the good natured regulator will send you a helpful and explanatory warning letter that tells you what you need to do to become compliant before jumping into fines.
An un-good-natured regulator would behave rather differently.
Their goal is not to destroy companies, it's to make them compliant, and it's much easier for them to do that with communication than expensive legal action.
This is what risk is. Absolutely, don't panic. But responsibly managing risk means considering the 100% real and existing option of regulators abandoning their previous caution and trying out their new teeth. Perhaps they get reined in, but perhaps that takes 10 years, or perhaps it turns out to be politically convenient not to rein them in at all. There are 28 EU countries, so 28 regulators, only one ambitious rising star at one of which needs to "break bad".
Yes, I agree that this is probably a very small risk. But having a calm and correct view of the fact that there is a risk is 100% the right move here. Something like every other lawyer in Europe is worried about this right now, and does think it's a bit of a big deal. Don't panic, but take the advice of a non-lawyer's blog over your actual lawyer's at your own extreme peril.
My chief concern is that this will end up being an instrument wielded by big business (through political connections) at the expense of smaller companies, especially smaller overseas competitors but also domestically. If EU-US relations continue to sour, it could also become a weapon in a hypothetical trade war, which I guess is probably one of the "benefits" from an EU government perspective.
Codifying privacy protection is important, but GDPR favors big companies and governments too strongly over already risk-burdened entrepreneurs.
That's not what happened. Various people pointed out various cases where it's shown over the course of 20 years what happened. Ample history.
> Don't panic, but take the advice of a non-lawyer's blog over your actual lawyer's at your own extreme peril.
Are you from the US or EU? Immediately going to a lawyer seems strange and unique to me. Within a big company, yeah, lawyer. Anything else unless you're doing something specific I don't see why.
Yes, and various other people are pointing out that now there's a new law that changes a lot of things, perhaps what happened in the last 20 years isn't a perfect guide for what's going to happen in the future.
> Immediately going to a lawyer seems strange and unique to me
I'm from the EU, and I go to lawyers for things much smaller than those that can get me fined 4% of turnover. And so should you, if you're serious about managing your risk. If your things are in order, it's not terribly expensive, and you get to lean on your lawyer's professional liability insurance if things get weird regardless.