zlacker

1. ealexh+(OP) 2018-05-18 08:30:19
I'm not sure about the point regarding the DPD. EU Directives themselves don't have teeth, but they're supposed to be transposed into national laws - e.g. the DPA in the UK - and would be enforced nationally. A regulation comes into law across the EU, but is still often transposed, and the enforcement mechanism (to begin with) is still basically the same.

He's right that the DPD was not well-adhered to, though.

replies(1): >>gcthom+B
2. gcthom+B 2018-05-18 08:35:31
>>ealexh+(OP)
The problem with the laws stemming from the DPD was that there were different laws in each EU country, and the enforcement options were too weak for slippery international corporations.

One critical change in the GDPR is the mandatory reporting of significant breaches. Before, it was entirely optional, so reports could come out years after the event once the material surfaced online.

replies(1): >>ealexh+D1
3. ealexh+D1 2018-05-18 08:48:43
>>gcthom+B
Sure, it wasn't consistent, but the argument about lack of enforcement really comes down to the national regulators not taking their jobs seriously enough or being given sufficient resources. The ICO in the UK has only ever issued pretty small beer fines.

The problem with self-regulation in this area is that there is significant competitive advantage to be gained by not being particularly careful. In that sense, I think GDPR evens the playing field.
