GDPR: European tech firms struggle with new data protection law

Smaller organisations and companies are finding it difficult to meet the demands of the new law and face hefty fines if they get it wrong.

The European Union has introduced sweeping new legislation to protect the privacy of its citizens.

Known as GDPR – General Data Protection Regulation – it requires all entities to protect the personal data of all EU residents.

European legislators have hailed the GDPR as ushering a new era in data privacy regulations, setting the stage for new standards in the wake of the recent Cambridge Analytica scandal and its harvesting of Facebook user data.

Tech companies will be held accountable if they fail to live up to their responsibilities and could be fined up to four percent of annual global turnover if they breach the strict new data policy.  

New rules

Companies had until Friday to comply with the new rules, under which they must clearly ask for consumer’s consent to harvest data, so they have to actively “opt-in” and be informed how their data is being used and for what purpose.


Users who no longer want their personal data processed have the right to be forgotten and have their data deleted.

Lobby groups and campaigners have broadly welcomed GDPR as a “reset button”, calling it a wake-up call, for EU citizens to engage with some fundamental questions.

“Do I really want to continue giving this company my data? Do I need to do that? Is it necessary for me?” said Julian Jaursch, of the Digital Society.

“And to make a conscious attempt, or a conscious decision what data they share.”

But many companies are struggling to bring their operations to date.

Susanne Dehmel, head of Legal & Security at Bitkom, Germany’s digital association, said firms were concerned because they were not sure how to enforce the new regulations.

“It is particularly worrying because you cannot be sure that you have implemented the rules the right way at the moment.” 

Earlier this week, Diego Naranjo, a senior policy adviser at European Digital Rights, said not enough had been done to educate and inform people about GDPR and its implications.

“We’ve been telling the European Commission that such a change needs a proper campaign to tell people how their rights are going to be reinforced. We’ve seen a lot of misinformation by private companies who see their business model potentially affected by this regulation,” said Naranjo.