The enactment of the GDPR in May of 2018 established a new data privacy precedent around the globe. While the GDPR aims to regulate the entirety of personal data processing in Europe, its massive volume and scope stand out from other global data privacy initiatives.
Since 2018, other countries and states have modelled their privacy regulations after the trailblazing standards set forth in the GDPR.
Now, as the GDPR celebrates its 4th (or 6th?) Birthday, join our panel to dissect the impacts of the GDPR on data privacy and what the future holds.
This webinar will review:
- Is the GDPR 4 or 6 years old?
- How has the GDPR advanced the data privacy industry?
- What global changes have come as a result of the GDPR?
- What’s next for personal data processing, international transfers, and enforcement of the GDPR?
3. 3
3
Agenda
• Is the GDPR 4 or 6 years old?
• How has the GDPR advanced the data privacy industry?
• What global changes have come as a result of the GDPR?
• What’s next for personal data processing, international transfers, and enforcement of the GDPR?
4. 4
4
Timeline of Privacy and Data Protection
From 1940s to 2020s…
5
2
0
1
6
-
2
0
2
2
G
D
P
R
,
B
r
e
x
i
t
,
G
l
o
b
a
l
G
D
P
R
i
n
fl
u
e
n
c
e
d
l
a
w
s
,
P
I
P
L
,
L
G
P
D
,
U
S
s
t
a
t
e
l
a
w
s
,
4
2
0
0
0
-
2
0
1
6
R
i
s
e
o
f
M
o
b
i
l
e
,
C
l
o
u
d
,
e
P
r
i
v
a
c
y
,
U
S
s
e
c
t
o
r
a
l
l
a
w
s
,
3
1
9
9
0
s
E
U
D
P
D
,
r
i
s
e
o
f
g
l
o
b
a
l
l
a
w
s
i
n
E
U
i
n
fl
u
e
n
c
e
d
c
o
u
n
t
r
i
e
s
,
i
n
t
e
r
n
e
t
u
s
e
1
9
7
0
s
a
n
d
1
9
8
0
s
G
r
o
w
t
h
o
f
C
o
m
p
u
t
i
n
g
,
O
E
C
D
P
r
i
n
c
i
p
l
e
s
,
C
o
n
v
e
n
t
i
o
n
1
0
8
+
,
fi
r
s
t
E
U
l
a
w
s
,
U
S
F
I
P
S
2
1
1
9
4
0
s
a
n
d
1
9
5
0
s
H
U
M
A
N
R
I
G
H
T
T
O
P
R
I
V
A
C
Y
,
c
i
t
i
z
e
n
v
s
s
t
a
t
e
,
C
o
E
,
E
C
H
R
,
U
N
,
U
D
H
R
5. 5
5
EU GDPR Evolution
Regulation 2016 / 679
June 25, 2015
First meeting of the
Trilogue EU Council
Parliament and
Commission.
Agreement reached 15
December 2015
April 27, 2016
GDPR Published in the
Official Journal of the
EU as regulation
2016/679,
alongside
680 - Law enforcement
directive
681 - Passenger name
record Directive
May 24, 2016
Law “enters into force”
20 days after
publication in OJEU,
member states have
grace period before it
has direct effect
May 25 2018
Law “applies” to
member states and
can be enforced by
regulators
June 22, 2011
EDPS Opinion on EC
Communication 'A
comprehensive
approach on personal
data protection in EU'
Followed by EC
proposal 25 Jan 2012
SOURCE: https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en
6. 6
6
Evaluation of Success or Failure?
Criteria to decide
Vestibulum
congue
Vestibulum
congue
Enforcement action,
Court judgement
Public Awareness
Rights Requests
Media Coverage &
Column inches
Public Awareness
International
Influence
7. 7
7
Nothing is ever finished… only abandoned
ePrivacy Regulation
- Supposed to go into effect as same time as the GDPR
- Heavily lobbied against by industry
International Transfer issues
- EU US Safe Harbor dead, Privacy Shield Dead
- Other mechanisms require supplementary measures (Schrems 2)
- Adequacy granted to S Korea, Japan, UK, but older directive grandfathered adequacy may not pass muster.
Brexit,
- 1 Jan 2020, UK leaves the EU, and creates legislation to create a “UK GDPR” to amend the EU version and their “Data Protection
act 2018” to change application in the UK.
- ICO ceases to be competent EU supervisory body and leaves EDPB.
- UK issues IDTAs and own Adequacy intentions
- Potential UK Data Reform Act announced to eliminate “EU red tape” and “unlock the power of data innovation”
New EU laws 2022
- AI
- Data Governance
Current issues abound
8. 8
8
Thank You!
See http://www.trustarc.com/insightseries for the 2022
Privacy Insight Series and past webinar recordings.
If you would like to learn more about how TrustArc can support you with
compliance, please reach out to sales@trustarc.com for a free demo.