Ever since May 2018, any business that operates within the European Union (EU) and handles customer data, has to comply with the General Data Protection Regulation (GDPR) or face prosecution, with financial penalties commonplace.
However, the task of issuing these fines and policing the businesses has often fallen to local governments, particularly those operating in Ireland now such as Meta, being under Irish jurisdiction. This results in delays in issuing and processing the fines and penalties causing a bottleneck and an inability to properly enforce the regulation.
This is going to change as the European Commission has now made it a requirement for regional governments to submit reports on how their investigations into GDPR violations are going six times a year. This reports will also have an overview of all the large-scale, cross-border investigations, including timelines and procedural steps.
The biggest impact will be in those countries that have the most tech firms that operate within their borders, namely Ireland, France, Luxembourg and the Netherlands. Their governments will now be held to account as to how they are progressing with their investigations into GDPR non-compliance.
Ireland"s government, however, has argued that it is difficult to process all of the complaints that it has received, given that cases are often complex, and require thorough investigation. This is without the number of cross-border complaints that it receives on a regular basis.
Source: Bloomberg