The European Union’s landmark law for protecting European citizens’ data privacy still lacks specifics a year after taking effect, lawyers say.
European and US privacy attorneys say they want the bloc’s data protection authorities to clarify parts of the General Data Protection Regulation, which became law on May 25, 2018. Questions linger over how companies should handle data access requests from individuals; the extent to which GDPR obligations extend to companies outside the EU; and when and how companies should report data breach notifications, they said.
“National regulators should lead by example and empower organizations with clear rules and useful guidance; this has not been achieved across the board,” said Alja Poler De Zwart, of counsel with Morrison & Foerster in Brussels.
Full article published at Bloomberg Law.