Editor’s Note: Published as communication from the European Commission to the European Parliament and Council, the recent report on data protection as a pillar of citizens’ empowerment and the EU’s approach to continued digital transition two years after the application of the General Data Protection Regulation (GDPR) may be beneficial for legal, business, and information technology professionals as they consider data protection in the European Union.
Data Protection as a Pillar of Citizens’ Empowerment and the EU’s Approach to the Digital Transition – Two Years of Application of the General Data Protection Regulation
Opportunities and Challenges for Organizations, in Particular, Small and Medium-sized Enterprises
The GDPR, together with the Free Flow of Non-Personal Data Regulation offers opportunities to companies by fostering competition and innovation, ensuring the free flow of data within the EU, and creating a level playing field with companies established outside the EU. The right to portability, coupled with an increasing number of individuals in search of more privacy-friendly solutions, have the potential to lower the barriers to entry for businesses and open the possibilities for growth based on trust and innovation. Some stakeholders report that the application of the GDPR is challenging especially for small and medium-sized enterprises (SMEs). According to the risk-based approach, it would not be appropriate to provide derogations based on the size of the operators, as their size is not in itself an indication of the risks the processing of personal data that it undertakes can create for individuals. Several data protection authorities have provided practical tools to facilitate the implementation of the GDPR by SMEs with low-risk processing activities. These efforts should be intensified and widespread, preferably within a common European approach in order not to create barriers to the Single Market.
Data protection authorities have developed a number of activities to help SMEs comply with the GDPR, for instance through the provision of templates for processing contracts and records for processing activities, seminars, and hotlines for consultation. A number of these initiatives benefited from EU funding. Further activities should be considered to facilitate the application of the GDPR for SMEs.
The GDPR makes a toolbox available to all types of companies and organizations to help them demonstrate compliance, such as codes of conduct, certification mechanisms, and standard contractual clause. This toolbox should be used to its full extent. SMEs stress, in particular, the importance and usefulness of codes of conduct that are tailored to their situation and which do not entail disproportionate costs. As regards certification schemes, security (including cybersecurity) and data protection by design are key elements to be considered under the GDPR and would benefit from a common and ambitious approach throughout the EU. The Commission is currently working on standard contractual clauses between controllers and processors, building on the on-going work on the modernization of the standard contractual clauses for international transfers.A Pillar of Empowerment – EU – Data Protection
- A Matter of Opinion? An EDPS View on the European Data Strategy
- Cloudy Considerations? ESMA Draft Guidelines on Outsourcing to Cloud Service Providers
Generative Artificial Intelligence and Large Language Model Use
ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude 2, Midjourney, and DALL-E3, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).
ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.
ComplexDiscovery is a distinguished digital publication that delivers journalistic insights into cybersecurity, information governance, and eDiscovery developments and technologies. It adeptly navigates the intersection of these sectors with international business and current affairs, transforming relevant developments into informational news stories. This unique editorial approach enables professionals to gain a broader perspective on the intricacies of the digital landscape for informed strategic decision-making.
Incorporated in Estonia, a nation celebrated for its digital innovation, ComplexDiscovery OÜ adheres to the most rigorous standards of journalistic integrity. The publication diligently analyzes global trends, assesses technological breakthroughs, and offers in-depth appraisals of services involving electronically stored information. By contextualizing complex legal technology issues within the broader narrative of worldwide commerce and current events, ComplexDiscovery provides its readership with indispensable insights and a nuanced understanding of the eDiscovery industry.