GDPR: a critical review of the practical, ethical and constitutional aspects one year after it entered into force

Abstract

The General Data Protection Regulation (GDPR) aims to reform EU data privacy regulation and personal data processing, both in the private and public sectors, by awarding substantial rights to data subjects and obligations to data controllers and processors. Within the first year of its implementation, a heightened awareness regarding the data protection issues of the data subject has been recorded, while, under the threat of the imposition of heavy penalties, data controllers and processors have accelerated their efforts to achieve an acceptable level of GDPR compliance. Furthermore, other aspects of censure are the amended role of the supervisory authorities, the effect of the implementation of the GDPR on competing constitutional rights, the unprecedented extent of its extraterritoriality, and the highly ambitious consistency mechanism. Finally, the GDPR equally aims to protect the free movement of data within the EU and should not be used to trump other constitutional rights, such as the right to information and freedom of expression.