When the EU’s General Data Protection Regulation (GDPR) took effect in May 2018, it marked a major turning point in data privacy regulation. Two years on, the GDPR has undergone its first major review.
The GDPR’s two-year report card is mixed. The two-year evaluation report by the European Commission heralds the GDPR’s success in strengthening individuals’ rights to personal data protection. It also finds that the GDPR is proving flexible to support digital solutions in unforeseen circumstances, such as the development of tracing apps during the COVID-19 crisis.
The report does not call for a revision of the rules, but does say it is premature at this stage to draw definite conclusions and acknowledges a number of areas where the GDPR could be improved, including:
- Harmonization between data protection authorities
- Development of a common European data protection culture
- Cross-border case efficiency and harmonization
- Ensuring consistency between guidance provided at the national level and the European Data Protection Board
The report finds overall that citizens are more empowered and aware of their rights under the GDPR, but more can be done to help individuals exercise their rights, notably the right to data portability.
In this article we look at the two-year track record of GDPR, and look at other global privacy regulations in the US, Canada, Brazil, Australia, New Zealand, China, Vietnam, Singapore, Thailand, South Korea, and India.
We also offer guidance for organizations to stay informed and on top of evolving privacy regulations and seeking insurance policy coverage for privacy and data risk exposures.