GDPR has been in effect for a month today. Lawsuits have been filed, surveys have been done, and the UK has taken some action. But in Brussels there is only silence.
The last announcement on the EU’s data protection site was on May 31. Either the entire world is in compliance or the EU’s data police are out of the office.
Where are those ruinous fines the EU has warned us about?
Meanwhile, confusion reigns. For example, The Register reports that many non-EU websites are locking out non-EU users. Pottery Barn says on its site that “due to technical challenges caused by new regulations in Europe,” it is not accepting orders from the EU.
Some media sites, like Tronc, are also blocking EU residents, The Register continues.
This is an iffy game, considering that GDPR requires that EU citizens who live elsewhere are also protected by the law.
Stern adds, however, that there is a corollary that companies such as Pottery Barn seem to underestimate:
Then there is the confusion that still seems to exist about differing laws — for example, over the potential conflict between GDPR and the EU’s PSD2 (Revised Payment Service Directive). This rule opens up financial payments to third parties like Facebook and Google, and it requires that banks share information with them.
Amit Dua, global head of client operations for SunTec, speculates that GDPR and PSD2 contradict each other. “How can businesses possibly juggle the two seemingly contradictory regulations?” he asks on ITProPortal.
Dua concludes that while the two laws seem to be contradictory, they will lead to “a much needed acceleration of their digital transformation process by placing the customer in the centre.”
As for the lack of comment from iBrussels, Stern says that there has been "a significant but expected silence from regulators since the GDPR went live. We are now at the phase of a new law where complaints are filed and slowly processed. Major US technology companies have been hit with lawsuits seeking billions of dollars. The legal system will take these cases very seriously, which means a ton of time needs to be spent on them. It could be years before the first major judgment is issued. In a few years it may look like out of nowhere the EU is issuing billion dollar fines. That is only because the nuances of these lawsuits may not be of interest to the general public before there is a judgment"
We will see. But it proves again that consumers themselves will suffer the most under GDPR if companies can't figure these things out.
In perhaps the worst piece of absurdity to date, a man complains that he was locked out of his hotel room because of a “GDPR update on the door system,” the Register notes.