Bonn, 25/05/2019
Press release /9
The First Anniversary of the GDPR - a Success with Potential for Further Growth
One year after the date of application of the General Data Protection Regulation (GDPR), the Federal Commissioner for Data Protection and Freedom of Information (BfDI), Ulrich Kelber, draws a positive conclusion. Data protection is strengthened by the new legislation applicable throughout Europe, although there are still areas where improvements can be made.
Looking back over the last 12 months, the BfDI gives the following summary: In my view, the first year of the GDPR is undoubtedly a success story. If one considers the partly absurd scaremongering which accompanied the start of the application last year, it must be noted today that the GDPR has considerably advanced data protection not only in Germany and Europe, but even globally. Many people and businesses that have not taken care of data protection before have dealt with the issue. Even in countries such as the USA and Japan, the GDPR has an impact and is used as a model and as a guiding principle for their own national data protection legislation.
The new data protection awareness entailed by the GDPR is also reflected in the enormous increase in the number of requests and complaints to the supervisory authorities. The BfDI alone received almost 15,000 complaints and notifications of data breaches from 25 May of the last year to 30 April of this year. This represents a three-fold increase compared to the whole year of 2017.
Despite the positive trend, especially the sometimes absurd discussions about doorbell nameplates or blackened kindergarten photographs prove that also in the future, it will be important to ensure that citizens and businesses gain an even better understanding of the new right. In this connection, concerns and criticism of the GDPR also need to be addressed and discussed in the context of the upcoming evaluation next year. In this respect, efforts should be made to dismantle unnecessary bureaucratic obstacles relating to, for example, information- and documentation requirements, and to identify the best possible way to close existing legal gaps, such as in the area of profiling and scoring. It is equally important to urgently adopt the ePrivacy Regulation, which was initially intended to enter into force at the same time as the start of the application of the GDPR one year ago.
The BfDI therefore warns against resting too long on the laurels of the previous successes of the GDPR: The next year will become a litmus test for us. We will only see how well the GDPR really protects people if we effectively enforce the GDPR in practice vis-à-vis the large IT-companies such as Facebook or Google. To this end, we, in our function as data protection supervisory authorities, need to cooperate even better and closer not only at national, but at European level. This is one of the most important tasks for the next year.