Yet another email containing the letters GDPR dropped into our mailbox today.
This wasn’t even an article about non-compliance that named and shamed someone who hadn’t bothered to get ready in time.
It was about a statutory body that, unlike the rest of us, apparently doesn’t have to comply: the European Commission (EC) itself.
In the curious and orotund way that newspapers sometimes have with words, today’s GDPR email told us that:
“The Telegraph can reveal today that Brussels bureaucrats, who pushed for the stricter rules around how companies and governments use data, don’t plan to comply with their own laws.”
That seems weird, but you can imagine that there may be all sorts of legal absurdities that might arise by directly applying GDPR to a pan-European executive arm of government.
Which country’s regulator would apply, and how, for example?
Apparently, the EC is planning to subject itself to a regulation that will work like GDPR, even though it hasn’t yet done so.
That makes the Telegraph sound a bit OTT when it remarks that “Brussels bureaucrats […] don’t plan to comply with their own laws,” if indeed their intention is to comply with a regulation that is substantially similar.
As many companies have found, GDPR is more of a digital lifestyle guide, admittedly with teeth in the form of fines, although the EU’s various regulators seem determined not to use GDPR as a revenue mill.
And that got us thinking about a podcast we recorded almost a year ago now with Sophos expert John Shaw.
John’s overview of what GDPR is, and more importantly how we can make it work for us, is calm, measured and blessedly free of the invective that some commentators have allowed to creep in over the past year – during all of which time, of course, GDPR has already been “the law”.
We think it’s well worth another listen.
Source: Naked Security