FRA - Fundamental Rights Agency

06/12/2019 | Press release | Distributed by Public on 06/12/2019 00:42

Civil society challenged when implementing EU’s new data protection rules

The new rules have applied across the EU since 25 May 2018. To understand the impact, FRA asked civil society organisations how the regulation affected them.

The 'General Data Protection Regulation - one year on' focus paper shows that two-thirds of civil society organisations understand the GDPR requirements. Around half also have designated data protection officers.

However, even with this understanding, 77% face challenges in implementing the rules; 89% say it required effort to comply with the rules, as they understood them. This mostly relates to adopting or revising privacy policies, and obtaining consent from mailing list subscribers.

Despite these challenges, 37% say the new rules made them more efficient in their daily work. That said, issues surrounding consent, the legal basis for processing personal data and granting access to personal data are cited as being particularly challenging in day-to-day operations.

Most (67%) say that their national data protection supervisory authority did not proactively provide any assistance or advice. In addition, 72% indicate they did not have any direct contact with the relevant national authority. This underlines a lack of communication between the two. Several sought help from private companies that charged fees.

Users rarely seem to use their rights to access, modify or erase their personal data held by civil society. When they do, it tends to be mostly about deleting their personal data.

In addition, the paper shows that very few civil society organisations exercised their right to complain about data protection violations.

The findings draw on responses from over 100 organisations. They will feed into the European Commission's overall assessment of the GDPR's impact.