GDPR has been in force for five years now. Our German Federal Data Protection Commissioner celebrates GDPR as success. Similar the EU. Time to take a couple of minutes today and reflect. My first thoughts: Every organization in the world knows by now what GDPR is. This is definitely an export success and I would not have thought that GDPR will get an international role model for many countries, including the US or China. On the other hand, I see many organizations struggle with details and, especially SMEs with the efforts its takes to meet all accountability requirements of GDPR. When I placed a reservation for a table at the Oktoberfest recently, I was (freely) asked to consent that my name is displayed on the the daily reservation table in the Oktoberfest tent. I am pretty sure that the authors of GDPR did not intend this.
Time for all to reflect and for the EU also to think about an update of GDPR in areas that have proven "painpoints" for organizations and unpractical and also to think whether we (in the EU) really want other laws like DMA, DSA and AI Act becom similar role models or whether they not turn out to be "break shoes" for the EU economy and innovation. Cheers!