5 Years of GDPR

GDPR Vector

GDPR has transformed data privacy worldwide. Five years on, we commemorate its impact on transparency, trust, and user control.

5 years and 3 billion in fines later. A look at current state of law.

The past five years have seen a marked increase in public awareness regarding data privacy and how companies use individuals’ personal data.
According to GDPR Enforcement Tracker, EU regulators issued more than $3 billion in GDPR fines since 2018.

Source: https://www.enforcementtracker.com/?insights

In such an environment, it is not surprising to see businesses continue prioritizing data protection compliance. Therefore, it is timely to look at some trends that companies and their boards should prioritize during 2023.

Our series of conversations around GDPR, privacy compliance.

Join us for weekly live streams, conversations, news and updates
Subscribe Now

Navigating GDPR Compliance and Enforcement Over the Last Year and Next. Our outlook.

Crucial Cases Defining GDPR


Generative AI’s First GDPR Reckoning

AI companies must comply with the GDPR and find ways to let individuals exercise their rights. But it appears that large language models (LLMs) and EU data protection law might not be fundamentally incompatible.


EDPB Narrowly Interprets the GDPR’s ‘Contract’ Rules

The EU is considering amending the "one-stop-shop" process of the GDPR, which has hampered effective data protection enforcement. The proposed legislation would provide additional support and a new process for regulators engaged in cross-border GDPR investigations to make enforcement more effective and efficient. This could mean an increase in GDPR penalties and investigations.


CJEU Sets Down Strict Rules on GDPR ‘Special Category Data’

Regulators have indicated that they are dealing with complaints about AI technology, and the EDPB has announced an AI Task Force to help coordinate AI-related enforcement action. Companies using or developing AI should consider whether their products meet the EU's data protection and privacy requirements.

Navigating GDPR Compliance and Enforcement Over the Last Year and Next. Our outlook.

What Next


UK GDPR and ePrivacy Reforms

The UK may relax GDPR's record-keeping and risk-assessment rules, while increasing PECR's fines for cookies and marketing violations to match the GDPR's penalties.


GDPR Cross-Border Enforcement Amendment

The EU is considering amending the "one-stop-shop" process of the GDPR to address complaints of ineffective data protection enforcement. The proposed legislation aims to provide support for cross-border GDPR investigations and make enforcement more efficient.


DPAs' AI Crackdown

OpenAI may face regulatory action from France, and the EDPB has created an AI Task Force for enforcement coordination. Compliance with the GDPR and data protection requirements is crucial for companies using or developing AI.

Read the full Article