EU: Almost half of member states could be late with new data rules

Brussels – Almost half of the European Union’s member states could fail to implement new data protection rules ahead of a deadline next Friday, the bloc’s executive said.

On May 25th, the EU’s General Data Protection Regulation (GDPR) will come into effect, setting new standards for the collection and use of private data in the bloc and giving people more power over their personal information.

However, just seven of the EU’s 28 member states have already updated their laws accordingly, including Germany, France, the Netherlands and Austria, with another eight expected to pass legislation within the next week, according to the European Commission.

Eight member states, including Belgium, Greece, Hungary and other central European countries, are expected to be late in adapting to the new data protection rules, while another five are likely to narrowly miss the deadline.

Commission to impose pressure

This will create “legal uncertainty” in the states involved, warned EU Justice Commissioner Vera Jourova, noting that member states have had plenty of time since the rules were agreed to in late 2015.

One of the big advantages of the new standards – which have created a large administrative burden for companies and organizations – is that they will only have to comply with one set of rules across the EU, Jourova noted.

The commission will impose “continuous pressure” on countries to comply with the new rules, she said. This included the possibility of court referrals, which could lead to hefty fines.

“I think there was some basic underestimation of GDPR as something which will affect the businesses to the extent that it [will],” the commissioner added. She spoke of “negligence,” noting that not everybody understood the issues at stake.

According to Jourova, that has changed in light of a recent Facebook scandal, triggered by revelations that the data of 87 million global users had been improperly shared with an analysis firm hired to influence election results in the United States and Britain.

Implementation underestimated

The new privacy rules will be policed by the EU’s 28 national data protection authorities.

However, some member states have “underestimated” the funding and staffing levels that will be required, Jourova said, calling this one of the “painful” aspects of the changes being introduced.

Furthermore, as the private sector is busy hiring data privacy experts to help with their compliance, national authorities are struggling to retain staff, she added.