Data and trust have become the currencies of today’s digital economy. According to estimates from the European Commission, the value of European citizens’ personal data has the potential to grow to nearly € 1 trillion annually by 2020. However, it is often said that there is no light without dark and certainly within the shadows of our digital economy – albeit difficult to recognise at first glance – there lives a dragon in the dark, feeding on data breaches and other privacy mishaps, which is now threatening to devour anyone who carelessly wanders into the digital realm.
The new General Data Protection Regulation (GDPR) seeks to address the challenges of the digital age and to combat the dangers that come with an era of mass information sharing, by giving people more control over their personal data whilst making sure that personal information is protected no matter where it is sent, processed or stored (even outside the EU as may often be the case). Universally acknowledged as the most lobbied-against European legislation ever, with over 4,000 amendments to its original proposal, the GDPR in its final agreed text allows supervisory authorities to impose monetary penalties for breaches which can be up to an eye-watering 4 percent of total worldwide turnover for the previous year. The size of these potential fines reflects the seriousness of the threat posed by the dragon in the darkness on the Digital Single Market. Furthermore, it is clear that effective data protection is not a national but an international matter and that the patchwork of similar, but actually quite diverse, data protection laws in the EU need to be replaced by a single regulation – the GDPR.