GDPR Guide: A Living List of Resource Links

After four years of deliberation, the General Data Protection Regulation (GDPR) was officially adopted by the European Union in 2016. The regulation gave companies a two-year runway to get compliant, which is theoretically plenty of time to get shipshape. The reality is messier. Like term papers and tax returns, there are people who get it done early, and then there’s the rest of us.

GDPR is an ambitious set of rules spanning from requirements to notify regulators about data breaches (within 72 hours, no less) to transparency for users about what data is being collected and why.

GDPR can allow regulators to fine companies up to 4 percent of their global revenue for violations of GDPR. To put that in perspective, a 4 percent fine on Amazon would be $7 billion. (Interestingly, since a company like Amazon reports huge revenues and relatively small profits, a 4 percent fine could cost them over two years of profit.)

To be fair, GDPR as a whole is a bit complicated. Alison Cool, a professor of anthropology and information science at the University of Colorado, Boulder, writes in The New York Times that the law is “staggeringly complex” and practically incomprehensible to the people who are trying to comply with it. Scientists and data managers she spoke to “doubted that absolute compliance was even possible.”

The GDPR requires the regulator to do something to enforce the law. It might not be a 4 percent fine, but they can’t just forward the complaints straight to the wastebasket. Seventeen of 24 European regulators surveyed by Reuters earlier this month said they weren’t ready for the new law to come into effect because they didn’t yet have the funding or the legal powers to fulfill their duties.


Boyan Josic is the Founder & CEO of Mogul Media, and the editor of JOSIC Media. Boyan also serves as an advisor to Aeron, SignIX, Velix.ID, and Energy Premier. 

Related Posts