The GDPR’s First Six Years: Positive Impacts, Remaining Implementation Challenges, and Recommendations for Improvement

The GDPR has been an important tool for protecting individuals’ privacy and has substantially elevated data protection awareness globally. Its impact can be seen in many data protection laws around the world, as well as in the global privacy compliance and data management programs of many multinational organizations that use the GDPR as their baseline standard.

However, several of the implementation challenges under the GDPR we identified in our 2019 report, as well as our 2020 GDPR EU Commission’s consultation response, continue to persist. In some cases, they have increased, including in the form of unintended consequences resulting from particular interpretations of the GDPR provisions.

The purpose of this follow-up report is to:

• Highlight the GDPR’s positive impacts
• Assess any progress that has been made on previously identified challenges
• Reflect on areas that continue to undermine the full potential of the GDPR
• Find opportunities for potential improvements, particularly where this can be accomplished through interpretation and modified application of the existing text of the GDPR.

This Report identifies areas where the GDPR’s goals may be complicated by the increasing number of other digital regulations, without sufficient articulation of the level of overlap and the relationship, and where the respective definitions and requirements may not seem consistently aligned.

Download the Paper

Download Now