For example let’s look at Ireland.
[0] Ireland tries to exclude itself from GDPR https://www.thejournal.ie/data-protection-bill-2018-3853647-...
[1] Entire health system compromised and possibly majority of PHI data exfiltrated https://www.hse.ie/eng/services/publications/conti-cyber-att...
[2] Irish health service only begins notifications to confirmed affected individuals a year later https://www.hse.ie/eng/services/news/media/pressrel/hse-begi...
[3] selective punishment of companies whose data is breached eg google https://techcrunch.com/2022/03/14/dpc-sued-google-rtb-compla... vs meta https://www.dataprotection.ie/en/news-media/data-protection-...
Laws unevenly applied make a mockery of justice.
My understanding is that member states (and perhaps all sovereigns) are not required to comply with GDPR unless they explicitly choose to.
My understanding is that member states (and perhaps all sovereigns) are not required to comply with GDPR unless they explicitly choose to.