A particularly momentous year in the world of privacy, 2018 will see the European Union’s General Data Protection Regulation (EU GDPR) move from policy to practice on 25 May.

Paris, 1 February 2018

Because of our globally connected world, the EU GDPR will impact businesses of all sizes, in every sector, everywhere. But it’s not only businesses that are bracing themselves for the changes. EU member states are also undertaking a makeover of their respective national data protection laws to ensure they are up to speed.

As enforcement day draws closer and many EU member states embark on the final stretch to update their national laws, we’re highlighting 3 reasons why consistent GDPR implementation will matter.

1. Promoting the digital single market

A streamlined, harmonized GDPR implementation will contribute to the ultimate goal of the proposed regulation of promoting the development of a single digital market in the EU.

2. Encouraging innovation and new business models

The GDPR allows for local derogations in certain fields, such as health data. But without consistency on key areas, such as the definition of personal data, businesses – and in particular SMEs – may not survive without a legal team in place to keep up with inconsistencies.

3. Cutting costs while ensuring legal certainty and cross border data flows

Complicating mechanisms, such as the one-stop-shop  introduced by the European Commissionin to clarify and simplify compliance requirements for global companies that process data in several EU member states, would bring legal uncertainty to both companies and people. Doing so would compromise the goal of the one-stop-shop which offers a sound opportunity for cutting costs and encouraging streamlined non-bureaucratic rules.

At ICC, we know that business expertise and knowledge is vital for data protection. Businesses are the innovators and producers of technology and digital infrastructure representing an invaluable pool of expertise for policymakers.

As privacy is both subjective, and tied to the cultural and legal context of the jurisdiction, harmonization can be difficult to obtain. Yet the GDPR aims to do exactly that. A central goal is to encourage a more effective, accountable and less administratively burdensome data privacy regime for Europe.


The European Commission has released a new website with extensive guidance on the implementation of the European Union General Data Protection Regulation (GDPR) including:

  • A guidance communication
  • Q&A on changes brought by the GDPR and their implications for citizens and SMEs
  • A series of factsheets.

A communication from the European Commission was also released last week with information on GDPR implementation activities. See here.