GDPR in practice: The General Data Protection Regulation starts achieving its intended goal

For a number of companies and consumers, 25 May 2018 was a revolutionary milestone in terms of personal data importance. Partly given the significant attention paid by the media, consumers and organisations started recognising their respective rights and obligations. The regulation, which was approved in April 2016 and came into effect two years later, resulted in a number of changes in the functioning of the affected organisations. What changes were they? What is the public perception of the GDPR? Has anything changed in practice at all?

Viewpoint one: consumers

In general, with the practical introduction of the GDPR, consumers have been more interested in their personal data and the form of their subsequent processing through organisations to which the data were provided. Customers are more cautious about the companies that they do not know too well or that have a bad reputation from prior years and they are more likely to read the terms of personal data protection in the companies.

Do you know that… A third of users admit that they do not read company arrangements on personal data protection at all. For more than a half of respondents, potential misuse of personal data for the benefit of a third party is a significant risk and nearly 20% of respondents confirmed potential termination of a business relationship with an organisation from which the personal data disclosed would leak. More than a half of respondents are willing to provide additional personal data in exchange for an option to receive a personalised proposal or a discount. The positive news is that for the same number of respondents, the personal data protection issue has been clearer now.

In terms of exercising rights, the most common knowledge among respondents is that consents may be recalled while the option to transfer and access personal data is the least used right. The study shows in general that more than a half of respondents are aware of the rights resulting from the GDPR; however, only 12% of respondents have ever exercised them. The proportion represents a relatively high number of informed users compared to the results of studies on the implementation of other regulations, where awareness usually ranges between 10-30%.

Viewpoint two: organisations

Preparation for 25 May 2018 required from many organisations much time as well as significant financial investments that the companies continue to make after the key date in May. Many of them increased their HR capacities due to the GDPR implementation but in their opinion, they are still insufficient. The most frequent obstacle is the lack of funds for the long-term engagement of external human resources. In terms of increasing in-house resources, firms often face a low number of qualified people on the labour market, which primarily relates to the low unemployment rate.

At the same time, 92% of organisations have confirmed that they have been able to keep the implemented standards in the long-term horizon. It may be concluded that most organisations use various internal and external tools to support GDPR-related activities. Another crucial factor is the ethical and responsible behaviour of organisations in the sector. Compliance with the rules relating to the GDPR implementation is one of the key factors in building an organisation’s confidence and good reputation. 59% of respondents agree with this statement. Nearly a half of respondents believe that now organisations have been committed to correctness in personal data management more than before the GDPR implementation. The consumer awareness of the processing and using data by organisations has also increased.

We did extensive research on the GDPR in 11 countries covering 2,750 respondents. The purpose of the study was to identify the progress of implementation and the impacts of related GDPR measures from the point of companies and the affected consumers half a year after the effective date. Are you interested in more details? Look through the entire report.

View of practice: The GDPR in the Czech Republic

What is our experience from GDPR projects? We can confirm that the study conclusions correspond more or less to our experience from the implementation of projects in the Czech Republic. The GDPR’s coming into force resulted in a wave of applications to exercise data subject rights, which was in many situations driven by the initial euphoria in finding out “what the company knows about me”. The number of applications has continuously decreased with time and after six months, the exercise of rights is more frequently required by persons who have a real interest in exercising some of their rights than it was shortly after the effective date.

On the part of companies, the initial stress from the effective date has been released, many companies have been working on fine-tuning and increasing the effectiveness of their processes, which were often designed in a hurry in order to meet the deadline in May. Some of the organisations consider a possible synergy with the expected ePrivacy regulation. The regulation aims at protecting the content of communication (such as instant messaging, VoIP, e-mail and communication services) together with the data produced by these means of communication. In business terms, we can expect considerable impacts on possible monetisation of data collected through cookies.

The article is part of dReport – March 2019, Legal news.

GDPR dReport newsletter

Rising prices of construction material complicate the public procurement process and performance of public contracts

In early September, the Czech Ministry of Regional Development and the Office for the Protection of Competition issued an opinion on the price increase of construction material. This way, the authorities respond to the rising prices of reinforcing steel, thermal insulation, scrap iron and other material by tens or even hundreds of per cent. The reason for the price rise is a lack of the mentioned goods on the market and related long delivery times. The authors of the opinion present possible solutions to the problems that can arise in the public procurement market as a result of this situation. 

22. 9. 2021

Private financial institutions are the new supervisors of environmental regulation. The courts’ approach is also changing

Regulations in the area of environmental law are constantly increasing, which means that sustainability is an increasingly important topic that directly affects individuals, companies and states. However, oversight of compliance with the new rules is no longer exercised only by environmental inspection authorities, but also by private financial institutions. The courts whose decisions directly affect the corporate and state responsibility for climate change have also adopted a new approach to this issue. Read about the most important events in environmental law in Q2 of 2021 and get acquainted with regulatory news that will affect the future of sustainable business throughout the European Union. 

28. 7. 2021

The EU wants to achieve climate neutrality by 2050, then it will aim for negative emissions

The existential threat resulting from climate change demands that the EU as well as its member states heighten their ambitions and intensify their measures. This is reflected not only in the EU’s approach to the European Climate Law and in the constant collection and analysis of data (referring to carbon rates, for example), but also in a change of the judicial ruling practice. In a recent ground-breaking verdict, a Dutch court ordered a private company to adjust its activities with regard to the need for tackling climate change. 

28. 7. 2021