The GDPR defines rules for data collection in the digital environment. Because the technological part is a very different sport than the legal part, a company can face GDPR compliance issues.

The General Data Protection Regulation (GDPR) is an umbrella term for regulations that relate to the processing of personal data by companies and authorities. It is also sometimes cited as a flagship of the European Union to better ensure the privacy of its citizens.

The EU has been a pioneer in this area and more and more countries are translating the legislation into a local version, says Lisa De Smet, Chief Data Protection Advisor at Cranium: “We are seeing more and more legislation that is clearly inspired by the GDPR. ”

This seems to have advantages for European companies that want to position themselves globally. “It helps European companies trade with countries that have a similar legal framework because it gives peace of mind that the level of protection in that country is also good.”

Cookie policy in a forced marriage

The Cookie Policy is an offspring of the GDPR, which is in a forced marriage with the E-Privacy Act. In other words, a correct cookie policy takes both GDPR and e-privacy rules into account. That makes it complicated, according to De Smet: “The cookie legislation is very specific legislation where you combine two sets of legislation. That’s not all, because IT is still an important part of cookie legislation.”

The cookie legislation is very specific legislation in which you combine two types of legislation.

Lisa De Smet, Senior Privacy Advisor at Cranium

De Smet advises her peers in the legal industry that they should also arm themselves with technological knowledge. In their opinion, law and technology must work together to comply with the Cookie Directive and the general GDPR. “A properly written cookie policy that is legally sound means nothing if it doesn’t prevent the storage of data from visitors who don’t accept cookies.”

The reform of the E-Privacy Act aims to make it easier for users not to accept cookies. Some websites require users to accept cookies in order to use certain services. In the new set of rules, this is only allowed if the user is presented with a worthy alternative that does not use cookies.

In addition, software will play a more important role in getting rid of annoying pop-ups. The idea is to give users the option to accept or refuse certain categories of cookies by default via their browser. Plans for 2021 are not yet approved.

Belgium is mild

In the eyes of De Smet, it is therefore not surprising that there are still regular fines for an incorrect cookie policy. “The fines are likely to continue to be one of the biggest drivers for making everything legally compliant.”

The supervision of the regulations is in the hands of different national authorities. Complaints about a Belgian organization’s cookie policy go to the Data Protection Authority (GBA). In principle, fines are linked to violations, but according to De Smet, the GBA does not currently impose these fines. “Due to problems at the top of the GBA, enforcement is not too bad for Belgium at the moment. In reality, this often leads to an amicable agreement and not to an effective fine.”

Visibly fine

The situation at the GBA will stabilize over time, making it risky to play with the rules again. Businesses that use this time wisely to review their cookie policy have another tip from De Smet: “As a business, make sure you’re safe on the doorstep. I then talk about all matters that are in the user’s field of vision.”

“I would like to add that it is also important for companies to focus on “awareness” so that data protection becomes alive in the organization and part of its DNA and not a term that only exists on paper. This makes GDPR compliance more efficient and effective.”

Due to the Digital Markets Act and the Digital Services Act, the GDPR is up to date again. That makes it interesting to make sure that both your legal and technological knowledge is up to date. The set of rules is actually getting broader, so get started before you lose sight of the trees through the forest.