[ust]

Hi, I'm involved with GDPR for my work, although in academic context, i.e. the primary motive in processing of personal data is in security, provisioning services, accounting purposes, etc. Also, I'm not a lawyer, and this is just my personal opinion.

So, while I do work in academic environment, I do have contact with people from industry, and they are taking this seriously. (Of topic, this actually created a new business opportunity, for compliance with the GDPR). However, GDPR is not that different from the Directive, if you were compliant with the Directive, chances are, you're probably (mostly) compliant with the GDPR. Yes, the conditions for consent are strengthened, and since now we have a Regulation, it is valid in all countries. There are other differences, and it is more stringent now, but it is not drastically different from the Directive. BTW, this link[1] have a nice overview (I'm completely unaffiliated with that firm, I just like how they structured it...):

[1] https://www.whitecase.com/publications/article/gdpr-handbook...

One thing that people lost sight of, at least in my opinion, that GDPR is not just about punishment, or stopping the processing of personal data, it is also about transparency. People should not be coy/evasive/unclear about what kind of data one is collecting and for which purpose. This is one of the most important things (again, in my opinion). Processing of personal data has a valid and important purpose, and the GDPR is not there to stop it.

And for the question will the GDPR be enforced, I think it will. For the moment, though, all data protection authorities (DPAs) are a bit overloaded, and I suspect that will be the case in the near future. But obviously, EU and EC are taking GDPR quite seriously.

Hope this answers your question.

(Edited for grammar...)

[cJ0th]

> One thing that people lost sight of, at least in my opinion, that GDPR is not just about punishment, or stopping the processing of personal data, it is also about transparency. People should not be coy/evasive/unclear about what kind of data one is collecting and for which purpose. This is one of the most important things (again, in my opinion). Processing of personal data has a valid and important purpose, and the GDPR is not there to stop it.

But doesn't that make the GDPR just another "Cookie Law" (albeit with more effort to implement it)? The average person will not reflect on the permissions they give I am afraid. They'll mechanically accept them like they do with EULAs.

I don't think that the GDPR is bad it's just that before launching it they should have made sure that people (especially kids in school) really understand what kind of madness they're currently engaging in.