The Death of the GDPR

  • Comments posted to this topic are about the item The Death of the GDPR

  • Playing fast and loose with the law and using financial clout to avoid consequences is nothing new.  There have been some great factual books and movies on the subject, such as Erin Brockovich and Unsafe at Any Speed by Ralph Nader.

    GDPR is not intended to crucify small businesses.  The UK information commissioner has made it clear that they would sooner help businesses to comply than come down like the wrath of God on people acting in good faith but getting it wrong.  It is intended to rein in those who deliberately flout the law with malign intent.  The problem is that we have organisations that, if they were countries, would be in the G20 and therefore have too much power over things they have no business having power over.

    In my mind there are two parts to a law.  The spirit of the law which is the bit we respect and believe in, and the letter of the law which is an attempt to codify the spirit in a form that will ensure that it is applied fairly and without prejudice.  Getting the letter right is incredibly hard.  If it were easy there would be no need for the judiciary.

    I see GDPR as a tremendously positive step but recognise it has areas that need to be refined.  I would be wary of any attempt to undermine it.  Perhaps I am being unjust but the louder I hear people complain about GDPR the more I question what they are trying to do and the ethics behind what they are doing.

  • That's how I feel. It's a good first step, and it's a way to start getting businesses to be more responsible. Someone yesterday (Eric Russell) posted that maybe companies should get "data licenses" that ensure they know what the law is, they have passwords on systems, etc. That might be a good incentive to help educate and encourage companies to do better.

    I think the GDPR needs refinement, but it also needs some time for us to see how it works and then slowly amend it where needed.

  • I really like the idea of companies gaining certification to handle data. There are other areas where companies have to be certified to do certain things such as being points of presence for direct debit transactions or licensed to handle chemicals.

    I can see a lot of advantages for consumer confidence and incentives to do the right thing.

  • I'm concerned that those who are doing the most to avoid conforming with GDPR are getting away with it, and I would like to see the idea that a company's regulator has to be based in the country where the company is be scrapped because it's very obviously not working.  It would be better to forbid companies above a certain size from having their regulator in the EU country where they are based - for example Facebook would probably be in real trouble if their regulator was based in Germany, because Germany is willing to regulate and it is as clear as day that Facebook is violating GDPR on a vast scale and the Irish regulator is protecting them from any consequences.  Then there are outfits like Oath (which includes Yahoo) which designed a model for users to say what they would accept that was clearly intended to be too time-consuming for any user to actually go through it - I don't know whether they still have that, or indeed who regulates them and their subsidiaries such as Yahoo (which before it became part of Oath appeared to try to follow the spirit of data protection rules), maybe they are regulated by an American regulator (which is probably not as useless as the Irish regulator but is probably less useful than most European regulators).


  • The thing that disheartened me the most about the Sarbanes-Oxley act was that the very same companies that caused the crisis (e.g. Enron's auditors) were able to make vast sums out of consultancy by helping other companies become compliant with the act.

  • Useful or not, if no one gets investigated and fined as a result - it will quickly turn into something useless.  Unless you show that you are in fact willing to flex your (regulatory) muscles, it will be just another "feel good but otherwise worthless" piece of legislation.  The changes in process only really happen at most places once the first "big fish" gets publicly hauled into court and at least threatened with fines which would sink most companies.  This is what makes the lack of prosecution particularly problematic.

    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
