Last May 25 the GDPR came into force. It was hard not to notice given the inundation of emails that everyone received, as well as the clear signs of burnout in the eyes of GDPR experts.
Here are my personal top 3 takeaways from that experience:
- The Law (capital “L”) showed its full might and power on May 25, something which surprised even those, like me, who work with legal requirements all day every day. Look at what companies do when you threaten a 4% fine on their worldwide turnover! (Incidentally, this reminded me why politics is important and why people who are indifferent to politics are wrong: this stuff does make a difference in our lives).
- The Italian authorities (mostly the government and parliament) lost yet another opportunity to be helpful to citizens. We had been waiting for a national data protection law for months, but no such law was enacted before May 25. Until that happens, Italians are supposed to assess, for each and every provision of the Data Protection Code, whether or not it conflicts with the GDPR. How practical.